~Anyone around who could spare a hint on how to get access to the libc (or any binary file at all)? Currently stuck at crafting a proper chain, but trying to retrieve anything that is not a text file produces an error ~
> @HomeSen said:
> Well, to be fair, it's a quite subtle issue. And many people still don't know that kind of attack (even though it already is quite old)
whenever i see critical functionality (i.e. protecting confidentiality, integrity, availability) implemented *by hand* (as in contrast to using a well tested and verified library) some alarm goes off
Sorry to see it go. One of my all time favourites. Took me weeks to finish, but I learned so much.
@TazWake said:
> Sad to see this box seems to be retiring at the weekend.
>
> It is a hard one, I'd suggest if you hadn't already made progress on it by now, it probably isn't worth starting.
Stuck on elevation of privilege. Just saw this is retiring so trying to get it before it does and wish I noticed earlier in the week. I have a shell at the moment and looking into the next steps. Happy to take a nudge. Just getting a shell took a while.
Stuck on elevation of privilege. Just saw this is retiring so trying to get it before it does and wish I noticed earlier in the week. I have a shell at the moment and looking into the next steps. Happy to take a nudge. Just getting a shell took a while.
Read the source code and work out how to exploit the binary, then exploit it.
If you are good at binary exploitation this might be easy for you. I found it really, really challenging though.
Happy to help people but PLEASE explain your problem in as much detail as possible!
Comments
yeah it worked... just didn't finish on its own... so spoiler-alert was justified I guess.
Does this box ban outgoing communication? I have RCE. but I can't ping and curl to my machine.
Edit: I found it's not important.
So I see my favorite syringe tool doesn't appear to want to work... this is gonna be messy
Edit: I am in pain
Always happy to help, DM me if you need anything!
Link to Profile
Type your comment> @1shikoroK0ishi said:
same problem I can do any command like whoami , id and ls
but when use wget,curl, ping and reverse shell didn't work
any help
I GOT THE QUERY RIGHT HELLLLL YEAAA!!!
Always happy to help, DM me if you need anything!
Link to Profile
> I GOT THE QUERY RIGHT HELLLLL YEAAA!!!
Yayy!!! 😂🤣
A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps
*Spoiler Removed*
Always happy to help, DM me if you need anything!
Link to Profile
Anyone willing to help me with the s***d part? I have execution but can't figure out how to get shell or do it without
Finally rooted, but it was really hard.
This doesn't make sense... the user is prevented from writing over the buffer. Is this a rabbit hole?
Always happy to help, DM me if you need anything!
Link to Profile
Hi, could someone dm why my generated cookie isn't working I know the attack I need to perform but nothing seems to work.
Type your comment> @mohabaks said:
I'm in the same spot... Swear I'm doing everything right and have tried the various options based on the source.
Edit: NVM had it right. silly mistake on my part...
~Anyone around who could spare a hint on how to get access to the libc (or any binary file at all)? Currently stuck at crafting a proper chain, but trying to retrieve anything that is not a text file produces an error
~
NVM, I first needed to embarrass myself
GREM | OSCE | GASF | eJPT
Sad to see this box seems to be retiring at the weekend.
It is a hard one, I'd suggest if you hadn't already made progress on it by now, it probably isn't worth starting.
Happy to help people but PLEASE explain your problem in as much detail as possible!
Also: https://www.nohello.com/
No way, just got the admin secret. They can't retire it !
Luckily, I managed to finish that one 2 days ago
I really enjoyed that box and the fact that you (usually) won't get a shell until you're root
GREM | OSCE | GASF | eJPT
same here.
i really enjoyed all of the (different) challenges that machine provided. especially that last part which i have never done before.
thanks @sokafr for an absolutely amazing machine
i had the impression you were working on another machine
Can't figure out how to trick that damn signature check. The code looks solid to me.
Bruteforcing the missing part seems a bit ambitious.
Well, I needed a break after few hours feeling lonely on that open source social network, talking to soul less people ! But I sure will get back to it
ouch! never trust homebrewed "security" solutions (especially when it comes to ... that subject you were talking about)
@xaif7aLe said:
Well, to be fair, it's a quite subtle issue. And many people still don't know that kind of attack (even though it already is quite old)
GREM | OSCE | GASF | eJPT
> Well, to be fair, it's a quite subtle issue. And many people still don't know that kind of attack (even though it already is quite old)
whenever i see critical functionality (i.e. protecting confidentiality, integrity, availability) implemented *by hand* (as in contrast to using a well tested and verified library) some alarm goes off
@TazWake said:
> Sad to see this box seems to be retiring at the weekend.
>
> It is a hard one, I'd suggest if you hadn't already made progress on it by now, it probably isn't worth starting.
Yeah got user!
@xaif7aLe and @HomeSen you made some cryptography lectures come back to my mind.
Now, what I found is intimidating
Since so far I have just got remote read access I hope that "Everything is a file in Linux" stands here
go back to you nmap result to know which one.
Stuck on elevation of privilege. Just saw this is retiring so trying to get it before it does and wish I noticed earlier in the week. I have a shell at the moment and looking into the next steps. Happy to take a nudge. Just getting a shell took a while.
@kedetzer0 said:
Read the source code and work out how to exploit the binary, then exploit it.
If you are good at binary exploitation this might be easy for you. I found it really, really challenging though.
Happy to help people but PLEASE explain your problem in as much detail as possible!
Also: https://www.nohello.com/