Official RopeTwo Discussion

Official discussion thread for RopeTwo. Please do not post any spoilers or big hints.

«1

Comments

  • no response....

  • Not reachable...

  • the list page has it as 10.10.10.195... the actual machine page (that has all the graphs)

    that address shows it at 10.10.10.196 ... responsive for me

  • address is 196, not 195

  • well thanks fellas i appriciatte that update

  • Found an exploit but it seems like a rabbit hole...
  • Man new releases are usually solved by now, nobody's gotten user yet??

    Hack The Box

    More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985

  • An interesting box) I found a couple of interesting ones, but apparently it's a rabbit hole

  • Found the repo, not sure if this is a rabbit hole though..

  • edited June 29

    It's too easy for me to try to solve it

  • I am fascinated that there are still no user bloods. I am going to take that as a sign I should avoid it for months ...

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    I am fascinated that there are still no user bloods. I am going to take that as a sign I should avoid it for months ...

    This statement scares me -- especially from someone with 36x more points than I have!

    Ricm916

  • @ricm916 said:

    This statement scares me -- especially from someone with 36x more points than I have!

    I've been lucky :smile: - I really suck at binary exploitation!

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @TazWake said:

    @ricm916 said:

    This statement scares me -- especially from someone with 36x more points than I have!

    I've been lucky :smile: - I really suck at binary exploitation!

    And this machine is taking binexp to a whole new level :D
    The initial vulnerability can be spotted easily, but now I have to read quite a lot how to actually exploit that "technology" O.o


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • edited June 29

    I have the vague picture of what I need to do, but man there's going to be a lot of blog reading if I want to get anywhere here.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • Type your comment> @TazWake said:

    I am fascinated that there are still no user bloods. I am going to take that as a sign I should avoid it for months ...

    HAHAHAHA funny comment xD

    Hack The Box

    More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985

  • Type your comment> @TazWake said:

    I am fascinated that there are still no user bloods. I am going to take that as a sign I should avoid it for months ...

    Ahahahahahah!!! 😂 😂 😂

  • Are we sure the download needs to be bin exploited?
    Has anyone done a bindiff between the download and the ropetwo download?

  • fulcrum and hackback as far as i can tell WERE the two longest bloods to get. This box has put them to shame.

  • edited June 29

    Got a local exploit working. On to remote. Good luck if you're just now starting - lots to learn with this one! :)


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • Type your comment> @farbs said:

    Got a local exploit working. On to remote. Good luck if you're just now starting.

    There go my dreams of "having a chance because everyone else gave up".

    Although I've got an idea for the whole thing I haven't even found yet that "easy to spot initial vuln". Rope 1 used path traversal as doorway, can't find anything here.

    Hack The Box

  • @sparkla said:

    There go my dreams of "having a chance because everyone else gave up".

    And there they are completely gone, now :D
    Box has been rooted (in an unintended way, though) ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • @HomeSen said:

    Box has been rooted (in an unintended way, though) ;)

    Unintended ways are my favourite way. They give me hope being able to do it...

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @TazWake said:

    @HomeSen said:

    Box has been rooted (in an unintended way, though) ;)

    Unintended ways are my favourite way. They give me hope being able to do it...

    They just fixed it, and are now rolling out new machines.
    Meanwhile, I am reading blog posts about "Careful children's shoes" (translated by Chrome from Chinese to English), without really knowing what Chrome is trying to tell me by that :D


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • edited June 29

    I love it that one person rated root difficulty as “Piece of cake” :D

    bigFish43

  • Type your comment> @bigFish43 said:

    I love it that one person rated user and root difficulty as “Piece of cake” :D

    lol, so the box is from a scale of piece of cake to brain fuck.

  • edited June 30

    For 2 days now I have been looking for ways to attack the box, but there is no result. I will be very glad to any hints. Never sat 2 days without a foothold

  • @GreyParzival said:

    For 2 days now I have been looking for ways to attack the box, but there is no result. I will be very glad to any hints. Never sat 2 days without a foothold

    Check what the box has to offer, compile it, and then you'll probably have to research a lot about the topic ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • edited July 2

    The foothold is really hard, but well worth the effort for how rewarding it is. The step to user however looks like a whole other level. I'm going to be here a while lol.
    Edit: For anyone starting out, the best tip I can give is: Ubuntu, fetch, revert, patch, compile

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
Sign In to comment.