Forum Widgets
Recent Discussions
SuperSonic: Ep.7 – LIFTON
Hi there, Has anyone completed SuperSonic: Ep.7 – LIFTON recently? I have answered all the questions up to question 10. I believe I need to obtain files from the ftp server, however, when trying to login with the credentials from questions 7 and 8 I get failed authentication. I wanted to confirm if this is a me issue, or there is an issue with the FTP server itself? Any help would be greatly appreciated :)0likes0CommentsA Letter to Santa
Hello everyone, Wrong time of year, I know.. I've been having a go at the Christmas challenge collection and stuck on "A letter to Santa". I've managed to get code execution as user but struggling with the priv esc. I've found the cron job which runs chmod 600 * as root in /etc/letters. Is it possible to use chmod to priv esc? I've tried creating a file called '--reference=file' and created another file called 'file' with 7777 privileges - resulting in anything in directory having suid bit set. Tried copying bash and creating a symlink, but with no luck. Am I going down a massive rabbit hole with this? Or missing some obvious plain text creds somewhere 😂Solved1like4CommentsGuardDuty: Demonstrate Your Skills
Has anyone had any issues with the GuardDuty lab. GuardDuty: Demonstrate Your Skills - Labs - Immersive In task no.4 It asked you: In order to encrypt findings being exported to S3, GuardDuty requires a KMS key The KMS key policy must give the required permissions to the GuardDuty service principal. I have amended the policy as followed. "Version": "2012-10-17", "Statement": [ { "Sid": "Allow GuardDutytoencryptfindings", "Effect": "Allow", "Principal": { "Service": "guardduty.amazonaws.com" }, "Action": [ "kms:GenerateDataKey", ], "Resource": "*" The lab isn't progressing past this. Am I doing something wrong or is it a bug in the lab. Any help is appreciated, Thanks I0likes1CommentHack Your First Web App: Ep.6 - Hydra
I am stuck on Question 7 which instructs you to use hydra to brute force a password. I was able to use it correctly on Ep. 5. I have tried using the same cmd and changing to the login page but it returns 16 incorrect matches rather than one. hydra -l test -P /usr/share/wordlists/custom/ozone-wordlist.txt ozone-energy.bitnet http-form-post"/login:username=^USER^&password=^PASS^&Login=Login:Invalid Password"0likes1CommentFoundational Static Analysis: API Analysis step 10
Step 10 of this lab says to go to the command line and run xelfviewer. In my virtual machine, that is not found. I see a directory for the building of it, but I don't find the binary anywhere to be able to execute it, and I don't have permissions to be able to do the build. Anyone have any suggestions about that?0likes4Comments