Obscurity


Comments

  • I found the .py file, but I have no idea on how to exploit it, any hints or references would be appreciated, cheers!

    ABD

  • edited December 2019
    well, i've got a rough idea on what to exploit for RCE, but still not sure how to do so

    ABD

  • edited December 2019

    Someone please PM for RCE, I think I know where I should serve the payload but nothing I am sending returns anything.

    Best I can do is 404 or 400

  • edited December 2019

    Good box, once I rooted it I then learnt about 2 other ways to root it.
    So I now have a total of 3 ways to root the box.

    You can PM via discord if you need help, Discord only, please.

    Discord : secHaq#7121
    trigger

  • m9sm9s
    edited December 2019
    Recently joined HTB, so my first root here. Nice machine, simple and straightforward.

    My tips:
    - simulate your RCE payload locally
    - read the code
    - things may disappear quickly, find a way to catch them

    Feel free to PM me, asking for clues and nudges

  • Really like this machine and all the python scripts you had to make or edit. PM for nudges.

  • @TheWick33 said:

    @zuk4 said:

    Hi All,

    I'm new in the hacking world and I have decided to try this machine, but I'm struggling to understand the py script or even run it, I'm not a python person, my mistake it seems.

    So I have found the directory and the py script and I need help to understand it, is anyone able to help me?

    Thank you

    bro how you found the secret directory and py file can you help me please

    I have used dirb with a wordlist file, that was the easiest part, at least for me.

  • Should I try to bruteforce the key for user?

  • @Hagbard70 said:

    Should I try to bruteforce the key for user?

    this is what I have been trying to do with no luck. I am not good with the logic/math of it to do what other people are saying here.

    Any nudges?

  • For people asking if their method for root was intended: It should follow a similar gist to the rest of the box.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • @Hagbard70 said:

    Should I try to bruteforce the key for user?

    I don't think it's an intended way. you would rather focus on "areas" that key is used

    Feel free to PM me, asking for clues and nudges

  • found .py file by hand.. I just read the webpage.. but my python knowledge is lacking here.. could somebody give me a nudge? I'm spending way too much time on this step of understanding the py file..

  • edited December 2019

    Rooted!

    Simple / Fun box for me.

    User: Read, write & execute on your own machine and you'll find it
    Root: Take a closer look at the command, it's fast and simple

    PM if you are confused


  • Rooted!
    Nice box, I love when you have to reverse something.
    Tip: once you find that file, everything will be straightforward.
    As always, try in your own box before exploiting anything there.

    Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • I am still struggling with this box, I can't get the shell to connect. It works locally but doesn't connect. I am lost, I need help

  • edited December 2019

    Still trying to find the "key", played around with the script for too long now with no progress. Is it something we find, or something that can be inferred? Any nudge would be much appreciated.

    EDIT: got user, thanks @phycomp for the nudge! Made it so much harder on myself by not actually reading the file, lol

  • I've found the script, but I'm not entirely certain what it does. I am not looking for the answer so much as a nudge as to what I should be researching next. I have some small understanding of the language, but could use a little help on how to understand constructing an input that triggers an unwanted response from the server. Have tried a few random curls to see if something interesting happens, but no dice.

  • Any hint about foothold
  • edited December 2019

    @ghost5egy said:

    Any hint about foothold

    On the main page you can find direction (file in dir), you can try to find this 'directory' manually or use small wordlist of very common dirs. It is important to look at the very specific error message.

  • edited December 2019

    @commercialeer said:

    I've found the script, but I'm not entirely certain what it does. I am not looking for the answer so much as a nudge as to what I should be researching next. I have some small understanding of the language, but could use a little help on how to understand constructing an input that triggers an unwanted response from the server. Have tried a few random curls to see if something interesting happens, but no dice.

    If you are talking about the first script (from the web server) - look for comments in the code from the author, if the developer does not particularly understand how something should be done, then this something has a high probability of being vulnerable.
    And you can look at how to make HTTP requests with the python requests lib, it is doing some stuff for you, so you can input raw (no encoding) URIs and they will be properly understood by this server.

  • edited December 2019

    Question about root. I think I know what to do regarding the file in t*p. But I can't seem to run the py file without getting permission errors. Any help?
    NVM I was being stupid

  • Rooted! had some real fun with user. Root was a bit disappointing (too easy).
    Hints:
    Foothold: don't rush with that command and that syntax only because you have seen ippsec videos and it worked. Take time to understand the tool you want to use and what to fuzz
    User: just a funny puzzle game. remember that sometimes copypasting might corrupt your bytes!
    Root: nothing to say. just run the thing and you are done
    Pm for nuggets!

  • huh... that was really fun...
    and I'm so ashamed that I first stepped into the trap of bruteforcing check+out...
    (maybe thinking is over-estimated)...
    there is really no big logic involved or great mathematical skills needed...
    just keep your bytes clean and don't ruin them by copy-paste

  • Wow @c1cada just seen the way you got something, how long did that take? with ry?

    CurioCT

  • Any hint for root?

    ABD

  • @Abdelwahed said:

    Any hint for root?

    look at the script and what it's doing...... saying much more is not really possible

    CurioCT

  • I had an insanely hard time with this one.. But got it with some hints in the end.. Was fun but in no way easy for someone with little python knowledge.. But that's what made it fun was not knowing..


  • edited December 2019

    Really new and excited to get going with htb. Very very stuck on initial foothold, can't find the directory where the py file is held. Tried many wordlists, could not find it. Please can anyone help me with a nudge? I feel I must be overthinking it

    edit - I found it finally thanks to @phycomp very helpful! was missing one piece to my fuzzing. On to the rest!

  • edited December 2019
    @dontknow thanx pro I have low priv shell
    I loved this box
    Foothold : tricky one
    search analyze exploit
    User : read the code reverse it
    Root : tricky 2
    Read the code analyze it
    watch command is your friend
    Thanks box creator I loved it and learned a lot