Safe

1235712

Comments

  • I really liked this box at least for the user. Learnt a lot of things about advanced BOF.

    The frustrating part is that we could not used libc leak method remotely (through nc) but locally it works fine.

    Of course since it's an easy box you don't have to go through libc leak but just use what is in front of you on m***p but If you want to extend your skillz I recommend u to try with the hard method anyway ;)

    OSCP, OSWP, GCIH, CEH, Security+, VHL Advanced+

    https://www.phrozen.io/

    Hack The Box

  • I need a hint on getting my exploit to work. It seems I have everything in place but I can't manage to get a second prompt.

  • Would love to chat with someone who as completed the bin ex. I have it working but i am struggling to understand why its working. If you have a good understanding of it and can spare a few minutes please let me know.

  • edited August 2019

    Hello ,
    It is my first time I am attending any active machine . I couldn't able to figure out what to do after n map . I tried login in to SSH using user & root but it is all password protected . Can anyone PM me the right direction how to proceed further .

  • I’m happy to help anyone if you have specific questions about the binex feel free to message me. In the interest of efficiency, though, it will probably be pretty beneficial for both of us if you’ve watched some of the videos or read some of the webpages linked in this post. If you message me saying “any hints for binex” or similar, that’s what I’m going to tell you.
  • When a machine is labelled as "easy" and you have to do reverse engineering just to get user...

  • Type your comment> @BazSecOps said:

    Type your comment> @Kiwi1281 said:

    So I feel like a complete idiot for asking this but how can I download the m**** file as all the ways I have tried haven't given me the file.

    Try another port

    Thanks you!

    I like helping people. It helps me to clarify what I've learned from what I've done. If you message me for help please give as much detail as possible. Specifically: what you've tried, why you think it's not working and what you think you should try next. If you find me helpful I appreciate a respect vote.

    kaosneverdied

  • Type your comment> @XMA said:

    When a machine is labelled as "easy" and you have to do reverse engineering just to get user...

    I think the level of a machine is more based on the "root" step than "user". The user isn't easy but root was easy as f***

    OSCP, OSWP, GCIH, CEH, Security+, VHL Advanced+

    https://www.phrozen.io/

    Hack The Box

  • Thanks @deviate, I struggled to find an address where I could write my string, your comment was the last piece I needed to solve the puzzle.

    Also, thanks @ecdo for creating a easy box to learn R*P, even though it required a bit of manual labour since ret2libc from the tutorials out there didn't work

  • i don't understand where i have to donwload the binary.
    Any hint?

  • Type your comment> @sh4rk said:

    i don't understand where i have to donwload the binary.
    Any hint?

    My only comment

    just because something looks default, doesn't mean it hasn't been touched

    If I help you out, drop a respect, two clicks to say thanks, link below.

    https://www.hackthebox.eu/home/users/profile/121966

  • [Aug 02 18:30] Ryan412 believes that Safe sucks big time! [ +1 ]

    Honestly, that password sums up the entire machine.

    Hack The Box

    OSCP | GPEN | eCPTX | CREST CRT | GDAT | eCPPTv2 | GWAPT | OSWP | ECSA (Practical)

  • I actually really enjoyed doing this box. Getting User took me ages but was worth all the effort to improve on the skills needed. Thanks to @poker1 who kept me sane and pointed me at pwntools lib which will simplify a load of my python code from now on.

    Arrexel

  • Someone ping me I need help I found that port.And i found that ov**Fl*w .

  • who want to work with me to do this BOF ?

    Arrexel
    OSCP | I'm not a rapper

  • Rooted. Don't think this box is so bad, it might be worse:) At least I had a chance to hone my skills in R*P. Root part was easy as it should be.

    dsavitski
    PM for hints, but try to describe exactly where u are on the box and what you've tried. Don't forget about +respect button:)

  • Rooted ! Interesting box.

  • edited August 2019

    I'm in the same boat as @Saranraja @sazouki , and @dsavitski above... I know what I need to do but am having difficulty getting it to work. Any guidance would be appreciated.

  • Type your comment> @aj8417 said:

    I'm in the same boat as @Saranraja @sazouki , and @dsavitski above... I know what I need to do but am having difficulty getting it to work. Any guidance would be appreciated.

    i managed to exploit the binary on local machine but what i know to get the exploit work remotely we need to add our shell string to memory

    Arrexel
    OSCP | I'm not a rapper

  • Wonderful box, it's very indicative of how impatient and unwilling to learn some people are. I enjoyed learning ROP a ton, thanks!

    Hack The Box

  • Type your comment> @overcrookd said:

    Wonderful box, it's very indicative of how impatient and unwilling to learn some people are. I enjoyed learning ROP a ton, thanks!

    Well said!!

    If I help you out, drop a respect, two clicks to say thanks, link below.

    https://www.hackthebox.eu/home/users/profile/121966

  • Rooted... Good easy box. It's CTF style, but in my opinion don't deserve so many dislikes. The first part it's a very good oportunity to learn/refresh ROP technique with an easy challenge, and second one it's quite obvious if you know how the involved application works. Thumb up!

    ompamo

  • edited August 2019

    Rooted.

    I'm not sure why there's all the hate surrounding this box.

    User was a lovely B** & R**

    Root wasn't particularly difficult if you have any experience with k*****s, or you know how to use basic Google at a basic level. Make sure you don't ignore anything that's given to you, especially when it's staring you right in your face.

    Feel free to pm me if anyone needs a hint in the right direction :)

  • Rooted! Love the user part, root was interesting but pretty CTF-like. Overall pretty decent box.

    Feel free to PM me if you have any questions

  • Someone can give me a hint (PM)? I can't see how use the gadgets that I found to write my string into memory.

  • Type your comment> @adelmatrash said:

    Someone can give me a hint (PM)? I can't see how use the gadgets that I found to write my string into memory.

    same....

    Arrexel
    OSCP | I'm not a rapper

  • If you don't have gadgets take a different approach. > @sazouki said:

    Type your comment> @adelmatrash said:

    Someone can give me a hint (PM)? I can't see how use the gadgets that I found to write my string into memory.

    same....

    If you don't have gadgets to write take a different approach... Maybe there's something else in the binary that allows you to do what you want easily.

    ompamo

  • There's at least 1 gadget that you can use, r2 failed to find it though, so I used ROPgadget instead

    Hack The Box

  • Can't believe this machine is rated 'Easy', I am still stuck on trying to exploit the binary.

  • Stuck at BOF, I cannot even make it work locally. Some hint or blog to read which could help me?

Sign In to comment.