Official Intense Discussion

1235»

Comments

  • yeah it worked... just didn't finish on its own... so spoiler-alert was justified I guess.

  • edited October 2

    Does this box ban outgoing communication? I have RCE. but I can't ping and curl to my machine.

    Edit: I found it's not important.

  • edited October 3

    So I see my favorite syringe tool doesn't appear to want to work... this is gonna be messy

    Edit: I am in pain

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • edited October 3

    Type your comment> @1shikoroK0ishi said:

    Does this box ban outgoing communication? I have RCE. but I can't ping and curl to my machine.

    Edit: I found it's not important.

    same problem I can do any command like whoami , id and ls
    but when use wget,curl, ping and reverse shell didn't work

    any help

  • I GOT THE QUERY RIGHT HELLLLL YEAAA!!! :sunglasses:

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • @LMAY75 said:
    > I GOT THE QUERY RIGHT HELLLLL YEAAA!!! :sunglasses:

    Yayy!!! 😂🤣

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • edited October 5

    *Spoiler Removed*

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • Anyone willing to help me with the s***d part? I have execution but can't figure out how to get shell or do it without

  • Finally rooted, but it was really hard.

  • edited October 6

    This doesn't make sense... the user is prevented from writing over the buffer. Is this a rabbit hole?

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • Hi, could someone dm why my generated cookie isn't working I know the attack I need to perform but nothing seems to work.

  • edited October 9

    Type your comment> @mohabaks said:

    Hi, could someone dm why my generated cookie isn't working I know the attack I need to perform but nothing seems to work.

    I'm in the same spot... Swear I'm doing everything right and have tried the various options based on the source.

    Edit: NVM had it right. silly mistake on my part...

    Hack The Box

  • edited November 2

    ~Anyone around who could spare a hint on how to get access to the libc (or any binary file at all)? Currently stuck at crafting a proper chain, but trying to retrieve anything that is not a text file produces an error :(~

    NVM, I first needed to embarrass myself :tired_face:


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • Sad to see this box seems to be retiring at the weekend.

    It is a hard one, I'd suggest if you hadn't already made progress on it by now, it probably isn't worth starting.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • No way, just got the admin secret. They can't retire it !

    FaguoZai

  • Luckily, I managed to finish that one 2 days ago :)

    I really enjoyed that box and the fact that you (usually) won't get a shell until you're root :D


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • @HomeSen said:
    Luckily, I managed to finish that one 2 days ago :)

    I really enjoyed that box and the fact that you (usually) won't get a shell until you're root :D

    same here.

    i really enjoyed all of the (different) challenges that machine provided. especially that last part which i have never done before.

    thanks @sokafr for an absolutely amazing machine ;)

  • @FaguoZai said:
    No way, just got the admin secret. They can't retire it !

    i had the impression you were working on another machine :wink:

  • Can't figure out how to trick that damn signature check. The code looks solid to me.

    Bruteforcing the missing part seems a bit ambitious.

    FaguoZai

  • edited November 11

    @xaif7aLe said:

    i had the impression you were working on another machine :wink:

    Well, I needed a break after few hours feeling lonely on that open source social network, talking to soul less people ! But I sure will get back to it

    FaguoZai

  • @FaguoZai said:
    The code looks solid to me.

    ouch! never trust homebrewed "security" solutions (especially when it comes to ... that subject you were talking about) ;)

  • @xaif7aLe said:

    @FaguoZai said:
    The code looks solid to me.

    ouch! never trust homebrewed "security" solutions (especially when it comes to ... that subject you were talking about) ;)

    Well, to be fair, it's a quite subtle issue. And many people still don't know that kind of attack (even though it already is quite old) ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • > @HomeSen said:
    > Well, to be fair, it's a quite subtle issue. And many people still don't know that kind of attack (even though it already is quite old) ;)

    whenever i see critical functionality (i.e. protecting confidentiality, integrity, availability) implemented *by hand* (as in contrast to using a well tested and verified library) some alarm goes off ;)
  • Sorry to see it go. One of my all time favourites. Took me weeks to finish, but I learned so much.

    @TazWake said:
    > Sad to see this box seems to be retiring at the weekend.
    >
    > It is a hard one, I'd suggest if you hadn't already made progress on it by now, it probably isn't worth starting.
  • Yeah got user!

    @xaif7aLe and @HomeSen you made some cryptography lectures come back to my mind.

    Now, what I found is intimidating

    FaguoZai

  • @FaguoZai just take small steps (this isn't a cryptic hint)
  • Since so far I have just got remote read access I hope that "Everything is a file in Linux" stands here

    FaguoZai

  • you definitely don't have to read *everything*; a single file will do.

    go back to you nmap result to know which one.
  • Stuck on elevation of privilege. Just saw this is retiring so trying to get it before it does and wish I noticed earlier in the week. I have a shell at the moment and looking into the next steps. Happy to take a nudge. Just getting a shell took a while.

  • @kedetzer0 said:

    Stuck on elevation of privilege. Just saw this is retiring so trying to get it before it does and wish I noticed earlier in the week. I have a shell at the moment and looking into the next steps. Happy to take a nudge. Just getting a shell took a while.

    Read the source code and work out how to exploit the binary, then exploit it.

    If you are good at binary exploitation this might be easy for you. I found it really, really challenging though.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

Sign In to comment.