(May 15, 2022, 06:25 PM)zkip Wrote: Does anybody have a hint about Space Pulses? Been messing with the Logic software but just not getting anything even remotely resembling a flag.

dm me

(May 15, 2022, 05:53 PM)xemyll Wrote: (May 15, 2022, 05:08 PM)fa23fsed23 Wrote: cis hard for me, anyone have hint ? ofc it's related to imagemath.eval but exploitation vector is unknown for me
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
(May 15, 2022, 02:03 AM)RustNood34 Wrote: (May 14, 2022, 06:49 PM)Spakey Wrote: (May 14, 2022, 05:24 PM)fa23fsed23 Wrote: on Mutation Lab you have to use CVE-2021-23631
what is the path to flag.txt? I repeated the ../ several times and nothing
you ever find the path? I'm stuck at the same point
first read /app/index.js
It looks like the last 5 lines are a way in over port 1337, but I'm still not sure how to actually make use of it.

just4htb1337 Wrote: Can I get some nudge on "Kryptos Support" ... am able exfil the moderator's cookie but doesn't help, I noticed it keeps changing on every request. Thanks
testing Wrote: Stuck in the same. Need help
11231123 Wrote: May I ask how we exfiltrate the moderator's cookie?
just4htb1337 Wrote: send this: [code]  [/code] wait for few seconds and you'll receive the cookie :)
s4ori Wrote: how u setup ur server? , public ip or something like that?

ngrok

Stuck at BlinkerFluids, if anyone could give some hints, would appreciate it.

(May 15, 2022, 11:19 PM)11231123 Wrote: Stuck at BlinkerFluids, if anyone could give some hints, would appreciate it.
Blinker Fluids Web HTB{bl1nk3r_flu1d_f0r_int3rG4l4c7iC_tr4v3ls}
Puppeter Forensics HTB{b3wh4r3_0f_th3_b00t5_0f_just1c3...}
Golden Persistence HTB{g0ld3n_F4ng_1s_n0t_st34lthy_3n0ugh}
Compressor HTB{GTFO_4nd_m4k3_th3_b35t_4rt1f4ct5}
Enjoy and give me rep+++++++++++
Give me all the reps you can +++++

Did anyone manage to solve Mutation Lab? I'm pretty sure it has something to do with forging cookies.

(May 16, 2022, 03:16 AM)LaLisa Wrote: (May 15, 2022, 11:19 PM)11231123 Wrote: Stuck at BlinkerFluids, if anyone could give some hints, would appreciate it.
Blinker Fluids Web HTB{bl1nk3r_flu1d_f0r_int3rG4l4c7iC_tr4v3ls}
Puppeter Forensics HTB{b3wh4r3_0f_th3_b00t5_0f_just1c3...}
Golden Persistence HTB{g0ld3n_F4ng_1s_n0t_st34lthy_3n0ugh}
Compressor HTB{GTFO_4nd_m4k3_th3_b35t_4rt1f4ct5}
Enjoy and give me rep+++++++++++
Give me all the reps you can +++++

Can you please share writeups or quick ways to get these, thank you

(May 16, 2022, 03:38 AM)testing Wrote: (May 16, 2022, 03:16 AM)LaLisa Wrote: (May 15, 2022, 11:19 PM)11231123 Wrote: Stuck at BlinkerFluids, if anyone could give some hints, would appreciate it.
Blinker Fluids Web HTB{bl1nk3r_flu1d_f0r_int3rG4l4c7iC_tr4v3ls}
Puppeter Forensics HTB{b3wh4r3_0f_th3_b00t5_0f_just1c3...}
Golden Persistence HTB{g0ld3n_F4ng_1s_n0t_st34lthy_3n0ugh}
Compressor HTB{GTFO_4nd_m4k3_th3_b35t_4rt1f4ct5}
Enjoy and give me rep+++++++++++
Give me all the reps you can +++++
Can you please share writeups or quick ways to get these, thank you

For Puppeter:
evtx_dump.py Logs/Microsoft-Windows-PowerShell%4Operational.evtx > asd.xml
Inside the xml file you will find a long powershell command, decrypt the #Unpack Special Orders! part.
For Golden Persistence:
Use reglookup, check the "Software/Microsoft/Windows/CurrentVersion/Run" , decode the powershell command from base64, you will get a powershell script.
Check the register values it gets with Get-ItemProperty using reglookup same way before, replace the "encrypted" variable with them and modify it a bit and just run it.
For Compressor:
Just select the cat option, and you can run commands by simply appending it to the name with ";".
I don't know the BlinkerFluids one, hope someone can explain that.

(May 16, 2022, 04:08 AM)11231123 Wrote: (May 16, 2022, 03:38 AM)testing Wrote: (May 16, 2022, 03:16 AM)LaLisa Wrote: (May 15, 2022, 11:19 PM)11231123 Wrote: Stuck at BlinkerFluids, if anyone could give some hints, would appreciate it.
Blinker Fluids Web HTB{bl1nk3r_flu1d_f0r_int3rG4l4c7iC_tr4v3ls}
Puppeter Forensics HTB{b3wh4r3_0f_th3_b00t5_0f_just1c3...}
Golden Persistence HTB{g0ld3n_F4ng_1s_n0t_st34lthy_3n0ugh}
Compressor HTB{GTFO_4nd_m4k3_th3_b35t_4rt1f4ct5}
Enjoy and give me rep+++++++++++
Give me all the reps you can +++++
Can you please share writeups or quick ways to get these, thank you
For Puppeter:
evtx_dump.py Logs/Microsoft-Windows-PowerShell%4Operational.evtx > asd.xml
Inside the xml file you will find a long powershell command, decrypt the #Unpack Special Orders! part.
For Golden Persistence:
Use reglookup, check the "Software/Microsoft/Windows/CurrentVersion/Run" , decode the powershell command from base64, you will get a powershell script.
Check the register values it gets with Get-ItemProperty using reglookup same way before, replace the "encrypted" variable with them and modify it a bit and just run it.
For Compressor:
Just select the cat option, and you can run commands by simply appending it to the name with ";".
I don't know the BlinkerFluids one, hope someone can explain that.

Needed the BlinkerFluids and other webs

just4htb1337 Wrote: Can I get some nudge on "Kryptos Support" ... am able exfil the moderator's cookie but doesn't help, I noticed it keeps changing on every request. Thanks
testing Wrote: Stuck in the same. Need help
11231123 Wrote: May I ask how we exfiltrate the moderator's cookie?
just4htb1337 Wrote: send this: [code]  [/code] wait for few seconds and you'll receive the cookie :)

what should do after getting cookie?