Frolic

Comments

  • @nawespet said:
    Hey could anyone give me a hint for where to use the idk***** password (where to find a username??).
    I understand I need to be looking through http enum but I have not found anything (I found a username and password that doesn't seem to get into anything)...

    There's a file that refers to what page you need to go to. Make sure to run dirbusters on the sub-directories too, not just the root directory of the web server.

  • I've logged in to the application and further search shows two vulns which could be used. However I'm having difficulty in getting it to work. Any clues would be helpful.

  • edited November 2018

    Would anyone be willing to PM help for priv esc? I have followed the steps in http://codearcana.com/posts/2013/05/28/introduction-to-return-oriented-programming-rop.html
    And I believe what I have done is correct (or near it) but just can't seem to make it work...
    EDIT: NVM got root

  • edited November 2018

    I know how to exploit pl****S app and read file system, I can even read user flag, but not sure how to proceed, reading files in /home/someuser directory does not help (or I'm missing something), there's one file with SETTINGS and some hashes inside but JTR, hashcat and crackstation can't crack them....

    EDIT: Metasploit is failing with error: "Could not determine CSRF tolken"
    EDIT: error is arguments.... works now...

    Arrexel

    |OSCP|OSCE|

  • Rooted a while ago. If someone needs help feel free to PM me.

    Baikuya
    OSCP

  • plz help me...after login the crack me page..i have decoded that language but don't know where to use it.

  • @pardeep1211 said:
    plz help me...after login the crack me page..i have decoded that language but don't know where to use it.

    Enumerate more. Try different tools with different capabilities. You will find what you are searching for in the end. :)

    Arrexel

  • Rooted. User was a complete CTF. I found priv-esc to be comparatively easy. Have fun guys!!!

    3zCulprit

  • Need help regarding rop. I got the system, exit, libc. So do we need offset as well? this is my first ROP. little bit confused. Saw the Oc****br IPPSec video. In that ASR enabled. So here it's not there. so got confused.
    Any hints here? Thanks in advance.

    sesha569

  • Logged into pl*****s site. worked around the csv file. Please PM how to get user

  • > @sesha569 said:
    > Need help regarding rop. I got the system, exit, libc. So do we need offset as well? this is my first ROP. little bit confused. Saw the Oc****br IPPSec video. In that ASR enabled. So here it's not there. so got confused.
    > Any hints here? Thanks in advance.

    Got root. PM me if you need hints.

    sesha569

  • Feel free to PM me if you're struggling with the priv esc.

  • AWESOMMME i am willing to touch myself. I wrote my first buff_ovrflw and got root.txt with the first shot.

    Thx to IPPSEC for this video

    At first hated the box, don't like CTF. But after user an one hour watching IPPSEC's video, another hour to repeat and train this. I wrote this in less than 10 minutes

    SekIsBack

  • @Sekisback said:
    AWESOMMME i am willing to touch myself. I wrote my first buff_ovrflw and got root.txt with the first shot.

    Thx to IPPSEC for this video

    At first hated the box, don't like CTF. But after user an one hour watching IPPSEC's video, another hour to repeat and train this. I wrote this in less than 10 minutes

    Same feeling as you :D

    But for user I couldn't have a shell as I want it but it worked in the end of the day

  • edited December 2018

    I am sooo close getting root! Is anyone available for PM?

    EDIT: Solved

  • Hello,
    I have found two credentials, decoded first part of code (..!?!) and stuck on the second (looks like ba4).
    Used ba4 decoders, however did not find anything valuable in the output. Only random symbols and two times index.php.
    Could you pls give a hint how to decode second part of code?

  • @c0uldb3 said:
    Hello,
    I have found two credentials, decoded first part of code (..!?!) and stuck on the second (looks like ba4).
    Used ba4 decoders, however did not find anything valuable in the output. Only random symbols and two times index.php.
    Could you pls give a hint how to decode second part of code?

    The output isn't completely random - read about Magic Numbers :)

  • GDXGDX
    edited December 2018

    Well, what am I going to say...
    I didn't like the way to get user, although the last step with the zip-file was nice for learning one or two things.
    Also root was really nice, I never had to use this technique before, so it was good to learn something new.
    My hint for everyone is really to watch IppSec's video on "October", you can own root even with zero foreknowledge only using that video. (So I mean zero foreknowledge on Buffer-Overflow, some programming skills are really recommended)

    If you need further hints just PM me, but please only questions regarding root, I don't fully remember the steps to decode that gibberish for the user xD

  • edited December 2018

    .

  • Ok so here is the situation I made an incorrect thread called wow that I meant to put here :astonished:

    So I fixed the problem I had encountered but directly ran into another one. I'm eager to poke this beast, I'm just wondering what in the good f**k do you do with that index.php file, it's like a whole bunch of bytes. Any nudges?

  • edited December 2018

    @r1cin said:

    @c0uldb3 said:
    Hello,
    I have found two credentials, decoded first part of code (..!?!) and stuck on the second (looks like ba4).
    Used ba4 decoders, however did not find anything valuable in the output. Only random symbols and two times index.php.
    Could you pls give a hint how to decode second part of code?

    The output isn't completely random - read about Magic Numbers :)

    And for a little insight with this, like was said earlier, talk to the zookeeper, have his friend interpret it for you, but remember to ask him for the write bytes, and the magic is all in the first few bites. Also, when the friend of the zookeeper is contacted, make sure you ask him about the pickle bites, I heard they're good

  • @huntingbugs said:
    Ok so here is the situation I made an incorrect thread called wow that I meant to put here :astonished:

    So I fixed the problem I had encountered but directly ran into another one. I'm eager to poke this beast, I'm just wondering what in the good f**k do you do with that index.php file, it's like a whole bunch of bytes. Any nudges?

    I managed to get some help via chat perfect loving the site

  • edited December 2018

    got the index.php, finally stuck at +++++ SKIP ++..< , no result for decode
    is this wrong way ?

    EDIT: got user flag

  • @huntingbugs said:
    Ok so here is the situation I made an incorrect thread called wow that I meant to put here :astonished:

    So I fixed the problem I had encountered but directly ran into another one. I'm eager to poke this beast, I'm just wondering what in the good f**k do you do with that index.php file, it's like a whole bunch of bytes. Any nudges?

    I managed to get some help via chat perfect loving the site

    @TonyWong said:

    got the index.php, finally stuck at +++++ SKIP ++..< , no result for decode
    is this wrong way ?

    You're stuck where I was. Now just look at that file for a few minutes and try to figure out what that is, hint it can be decoded as is, you know the zookeeper's friend is great at determining what type of data he's dealing with

  • and just in case You haven't figured it out I said this to someone that helped me if they are going to b****f*** me 2 times I hope I at least get a reach around :)

  • no idea on how to decode the ???!!!?-message D:

  • read all pages of this thread it will def give you the answer

  • edited December 2018

    I am stuck on the ...!? thing as well. Read the whole thread, looking in various EL places but getting nowhere at all. I have tried all sorts of stuff, read all about BrF and some of its derivatives. Clearly I am just dense or something, and would hate to abandon the box since it otherwise looks pretty fun. Could someone PM me and offer a bit of a clue.

    Thanks

    Edit: Thanks for the tip :+1:

  • edited December 2018

    (6) What a CTF...
    Took Whole 3 days with help
    Learned little bit of BOF

    ASHacker

  • Is there meant to be a webserver on this box? Can't find any HTTP ports open?
