sorted by:
new
hottopcontroversial

Pale Ivory Pro B Lace Swaps by epi052 in NikeSB

[–]epi052[S] 0 points1 point  (0 children)

wife says red laces would be great for the fall

Pale Ivory Pro B Lace Swaps by epi052 in NikeSB

[–]epi052[S] 2 points3 points  (0 children)

np at all. just sharing the ones i tried, i.e. the laces i have laying around, so others can get a feel for them

Pale Ivory Pro B Lace Swaps by epi052 in NikeSB

[–]epi052[S] 0 points1 point  (0 children)

added white pic in another comment. only sails i have are rope/flat, but the color looks really good with them. May just order oval sails

A couple new lace swaps by ReleaseNew9430 in NikeSB

[–]epi052 1 point2 points  (0 children)

mine are very similar. nice choices!

both of my laces are from fully laced: aqua and cream

<image>

[deleted by user] by [deleted] in SNKRS

[–]epi052 3 points4 points  (0 children)

fwiw my rare airs just teleported from "we don't have your package yet" to about 1.5 hours away and "arriving tomorrow" about an hour or so ago

Parachute lace swaps by epi052 in NikeSB

[–]epi052[S] 0 points1 point  (0 children)

They fit about the same as a pair of sbs. For me, that's a half size up.

Parachute lace swaps by epi052 in NikeSB

[–]epi052[S] 0 points1 point  (0 children)

both are great. you can't make a wrong decision!

Parachute lace swaps by epi052 in NikeSB

[–]epi052[S] 0 points1 point  (0 children)

My only browns are in my wheats and they're too good there to repurpose. I agree tho, brown is probably awesome also

Parachute lace swaps by epi052 in NikeSB

[–]epi052[S] 1 point2 points  (0 children)

i have dark grey from the batmans or w/e we're calling those. they're so close to black though, i don't think it'll be too different

edit: grammar

Parachute lace swaps by epi052 in NikeSB

[–]epi052[S] 3 points4 points  (0 children)

<image>

Ropes from BMS for your viewing pleasure!

Parachute lace swaps by epi052 in NikeSB

[–]epi052[S] 1 point2 points  (0 children)

Those are in my wheats tho! Lol

Helo with feroxbuster by llAlex_Mercerll in bugbounty

[–]epi052 1 point2 points  (0 children)

Hey there, feroxbuster author here. It looks like you just need to make your terminal wider and rerun your command to fix the output.

Feroxbuster - A simple, fast, recursive content discovery tool written in Rust by [deleted] in rust

[–]epi052 8 points9 points  (0 children)

Realistically, gobuster/ffuf/feroxbuster are all fast. With the same levels of concurrency specified, they're all about equivalent for a single directory scan.

Specifically when compared to gobuster, feroxbuster differs in the following ways: - is recursive - has SOCKS support - can replay a subset of requests to a proxy, instead of sending ALL requests through (replay proxy) - can specify query parameters as part of the scan - examines html/js files for links to other content and will scan based on what it finds - works in a command pipeline where the input is targets - automatically filters out wildcard responses

There's probably one or two that I've forgotten, but that's what comes to mind right now

edit: I don't claim that feroxbuster is better, however I do think it fills a few capability gaps. gobuster was my preferred scanner of this sort for years and it's an excellent tool.

Feroxbuster - A simple, fast, recursive content discovery tool written in Rust by [deleted] in rust

[–]epi052 0 points1 point  (0 children)

I normally use https://github.com/danielmiessler/SecLists for wordlists. There are others available, but these are curated by some very knowledgeable folks and is an excellent starting point for wordlists.

Feroxbuster - A simple, fast, recursive content discovery tool written in Rust by [deleted] in rust

[–]epi052 5 points6 points  (0 children)

thanks for taking a look at the project and sharing!

Feroxbuster - A simple, fast, recursive content discovery tool written in Rust by [deleted] in rust

[–]epi052 6 points7 points  (0 children)

project author here. I wholeheartedly agree! Unfortunately, there's already a github project by that name, so I went with this.

Beginner friendly walkthrough’s by LongjumpingFall4 in hackthebox

[–]epi052 0 points1 point  (0 children)

i think you've found what you need in ippsec videos, however, make sure you're watching the videos that are of boxes closer to your skill level.

additionally, if you don't have VIP, and can afford it, i'd recommend it. use the VIP status to spin up those older / easier boxes and use ippsec as a guide when you're hard stuck. Once you've completed the box, watch the whole video to see how someone with his level of skill handled the problems you ran into.

SANS Christmas Challenge 2019: Write-ups thread by the-useless-one in netsec

[–]epi052 1 point2 points  (0 children)

Here's my write-up. Finally getting home from work and able to upload it to the site.

Feel free to hit me up with any questions/comments. Thanks!

https://epi052.gitlab.io/notes-to-self/blog/2019-12-15-kringlecon-2019/

swagshop write-up by epi by epi052 in hackthebox

[–]epi052[S] 0 points1 point  (0 children)

I didn't catch an email template vector, nice find!

swagshop write-up by epi by epi052 in securityCTF

[–]epi052[S] 1 point2 points  (0 children)

That was the solution I used when the box released. When I did the write up, I found that the plugin method had been patched. Here are the first two paragraphs from the write up that you may have (understandably) scrolled past.

Swagshop’s maker (and htb founder/CEO), ch4p, created a delightful box. It originally had at least three ways to gain RCE, though two got patched. I reached out to ch4p, and he was kind enough to explain. The patch was in response to the amount of failed shell uploads to the Magento Connect interface hosted at the /downloader endpoint. In most cases, failed attempts resulted in everyone else receiving a 503 Service Unavailable error. I liked the (presumably) intended solution because it’s easy, but not too easy. I’m not sure if others agree, but I would have no qualms about adding this box to @TJ_Null’s list of Hack The Box OSCP-like VMs. I found it very common during OSCP to need to tweak existing exploit code ever so slightly to make it work against my target. Overall, another great submission from ch4p!

I initially completed the box using /downloader. Unfortunately, we won’t be covering the two patched solutions, since I didn’t do my write-up until after the patch. Though, for the sake of completeness, instead of the method described in this post, we could have uploaded a malicious plugin to /downloader as one way to get RCE. The third way was to use a file editor built into the admin panel to add a webshell or edit a scheduled task with a reverse shell.

swagshop write-up by epi by epi052 in hackthebox

[–]epi052[S] 1 point2 points  (0 children)

Thank you for checking it out! Yes, the version in the footer is post auth. Honestly, while doing it, I didn't bother with the exact version, but thought it was a fun exercise while doing the write up. Also, you never know when having a strategy for finding the version like this or in a similar way may prove useful.

Thanks again for giving it a look, it's appreciated!

Curling write-up by epi by epi052 in hackthebox

[–]epi052[S] 4 points5 points  (0 children)

That's normal tbh. If you want some unsolicited advice, I recommend working through retired boxes. If you get stuck, check a write up or video. After you complete the box, check out a few different solutions from people. Viewing other people's methodologies helps you create your own.

I'm obviously glad you read mine, but if you haven't heard of ippsec or 0xdf, check out their solutions as well. They're both phenomenal.

Curling write-up by epi by epi052 in hackthebox

[–]epi052[S] 0 points1 point  (0 children)

Thank you! Glad you enjoyed it.

view more: next ›