|
HTB University CTF 2024
by VladTrun98 - Friday December 13, 2024 at 05:33 PM
|
|
Dec 13, 2024, 05:33 PM
discussion, i start with freedom
echo "e.tylar" > a.txt && GetNPUsers.py -request -format hashcat -outputfile asrep.roast -dc-ip '<ip>' -usersfile 'a.txt' 'freedom.htb/'
Dec 13, 2024, 06:54 PM
An1 any hint on baking bad ?
DM me on disc (malw_guy) if u wanna talk This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.
Dec 14, 2024, 05:23 AM
(This post was last modified: Dec 14, 2024, 05:23 AM by sodanger123.)
(Dec 13, 2024, 05:33 PM)VladTrun98 Wrote: discussion, i start with freedom Hey how you can ge e.tylar from that ? (Dec 13, 2024, 05:33 PM)VladTrun98 Wrote: discussion, i start with freedom And also how you can get SQL injection from /admin/ ?
Dec 14, 2024, 10:21 AM
Any hint on Wanted Alive challenge in Forensic category??
Dec 14, 2024, 01:57 PM
I'm stuck on web_breaking_bad.
Basically, I need to somehow get access to the account financial-controller@frontier-board[.]htb, but nothing is working. I also can't forge JWT signatures... I even wrote a script for OTP to transfer money, but still no success.
Dec 14, 2024, 02:37 PM
(Dec 14, 2024, 01:57 PM)Surfacing2325 Wrote: I'm stuck on web_breaking_bad. I am stuck on this too. There is a py script that they provided that you need to complete and it gets the flag instantly but there are many things you need to complete
Dec 14, 2024, 02:41 PM
for breaking bank, look for JWKS Spoofing
This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.
Dec 14, 2024, 02:42 PM
(This post was last modified: Dec 14, 2024, 02:56 PM by Surfacing2325.)
(Dec 14, 2024, 02:41 PM)malwguy Wrote: for breaking bank, look for JWKS Spoofing Add me on Discord pls (Dec 14, 2024, 02:41 PM)malwguy Wrote: for breaking bank, look for JWKS Spoofing I had an idea to do it like this: "jku": "http://127.0.0.1:1337/api/analytics/redirect?url=.well-known/jwks.json&ref=test" (Dec 14, 2024, 02:42 PM)Surfacing2325 Wrote:I already tested the above to see if it would work, and as a result, I got the following request:(Dec 14, 2024, 02:41 PM)malwguy Wrote: for breaking bank, look for JWKS Spoofing but i got HTTP/1.1 401 Unauthorized Server: nginx Date: Sat, 14 Dec 2024 14:52:12 GMT Content-Type: application/json; charset=utf-8 Content-Length: 29 Connection: keep-alive {"error":"Invalid Signature"}
Dec 14, 2024, 05:30 PM
(Dec 13, 2024, 05:33 PM)VladTrun98 Wrote: discussion, i start with freedom How did you get to this point, i mean i got the sql injection but the passwords are litteraly uncrackble, same goes for the hash you've sent(kerb)? |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| SVCHOST Injector 2026 | 0 | 42 |
3 hours ago Last Post: opsecmaster67 |
||
| Cold Seal 5.6 cracked Sensitive information can be exposed or stolen | 0 | 44 |
3 hours ago Last Post: opsecmaster67 |
||
| EagleRAT v2.5 Create backdoor access points | 0 | 41 |
3 hours ago Last Post: opsecmaster67 |
||
| [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags | 43 | 3,466 |
4 hours ago Last Post: qwertyuiop0987654321 |
||
| CBBH Write Ups | 27 | 6,733 |
4 hours ago Last Post: qwertyuiop0987654321 |
||
