Man new releases are usually solved by now, nobody's gotten user yet??
More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985
This statement scares me -- especially from someone with 36x more points than I have!
I've been lucky - I really suck at binary exploitation!
And this machine is taking binexp to a whole new level
The initial vulnerability can be spotted easily, but now I have to read quite a lot how to actually exploit that "technology" O.o
I have the vague picture of what I need to do, but man there's going to be a lot of blog reading if I want to get anywhere here.
GCIH
If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
I am fascinated that there are still no user bloods. I am going to take that as a sign I should avoid it for months ...
HAHAHAHA funny comment xD
More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985
Got a local exploit working. On to remote. Good luck if you're just now starting.
There go my dreams of "having a chance because everyone else gave up".
Although I've got an idea for the whole thing I haven't even found yet that "easy to spot initial vuln". Rope 1 used path traversal as doorway, can't find anything here.
Box has been rooted (in an unintended way, though)
Unintended ways are my favourite way. They give me hope being able to do it...
They just fixed it, and are now rolling out new machines.
Meanwhile, I am reading blog posts about "Careful children's shoes" (translated by Chrome from Chinese to English), without really knowing what Chrome is trying to tell me by that
For 2 days now I have been looking for ways to attack the box, but there is no result. I will be very glad to any hints. Never sat 2 days without a foothold
For 2 days now I have been looking for ways to attack the box, but there is no result. I will be very glad to any hints. Never sat 2 days without a foothold
Check what the box has to offer, compile it, and then you'll probably have to research a lot about the topic
The foothold is really hard, but well worth the effort for how rewarding it is. The step to user however looks like a whole other level. I'm going to be here a while lol.
Edit: For anyone starting out, the best tip I can give is: Ubuntu, fetch, revert, patch, compile
GCIH
If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
Comments
no response....
Not reachable...
the list page has it as 10.10.10.195... the actual machine page (that has all the graphs)
that address shows it at 10.10.10.196 ... responsive for me
address is 196, not 195
WOW
well thanks fellas i appriciatte that update
More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985
An interesting box) I found a couple of interesting ones, but apparently it's a rabbit hole
Found the repo, not sure if this is a rabbit hole though..
It's too easy for me to try to solve it
I am fascinated that there are still no user bloods. I am going to take that as a sign I should avoid it for months ...
Happy to help people but PLEASE explain your problem in as much detail as possible!
Also: https://www.nohello.com/
Type your comment> @TazWake said:
This statement scares me -- especially from someone with 36x more points than I have!
@ricm916 said:
I've been lucky
- I really suck at binary exploitation!
Happy to help people but PLEASE explain your problem in as much detail as possible!
Also: https://www.nohello.com/
@TazWake said:
And this machine is taking binexp to a whole new level
The initial vulnerability can be spotted easily, but now I have to read quite a lot how to actually exploit that "technology" O.o
GREM | OSCE | GASF | eJPT
I have the vague picture of what I need to do, but man there's going to be a lot of blog reading if I want to get anywhere here.
If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
Type your comment> @TazWake said:
HAHAHAHA funny comment xD
More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985
Type your comment> @TazWake said:
Ahahahahahah!!! 😂 😂 😂
Are we sure the download needs to be bin exploited?
Has anyone done a bindiff between the download and the ropetwo download?
fulcrum and hackback as far as i can tell WERE the two longest bloods to get. This box has put them to shame.
Got a local exploit working. On to remote. Good luck if you're just now starting - lots to learn with this one!
defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”
Type your comment> @farbs said:
There go my dreams of "having a chance because everyone else gave up".
Although I've got an idea for the whole thing I haven't even found yet that "easy to spot initial vuln". Rope 1 used path traversal as doorway, can't find anything here.
@sparkla said:
And there they are completely gone, now
Box has been rooted (in an unintended way, though)
GREM | OSCE | GASF | eJPT
@HomeSen said:
Unintended ways are my favourite way. They give me hope being able to do it...
Happy to help people but PLEASE explain your problem in as much detail as possible!
Also: https://www.nohello.com/
@TazWake said:
They just fixed it, and are now rolling out new machines.
Meanwhile, I am reading blog posts about "Careful children's shoes" (translated by Chrome from Chinese to English), without really knowing what Chrome is trying to tell me by that
GREM | OSCE | GASF | eJPT
I love it that one person rated root difficulty as “Piece of cake”
Type your comment> @bigFish43 said:
lol, so the box is from a scale of piece of cake to brain fuck.
For 2 days now I have been looking for ways to attack the box, but there is no result. I will be very glad to any hints. Never sat 2 days without a foothold
@GreyParzival said:
Check what the box has to offer, compile it, and then you'll probably have to research a lot about the topic
GREM | OSCE | GASF | eJPT
The foothold is really hard, but well worth the effort for how rewarding it is. The step to user however looks like a whole other level. I'm going to be here a while lol.
Edit: For anyone starting out, the best tip I can give is: Ubuntu, fetch, revert, patch, compile
If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )