Official Ophiuchi Discussion

Official discussion thread for Ophiuchi. Please do not post any spoilers or big hints.


Comments

  • edited February 13

    I can get a connection back to my box, but something isn't working correctly for me. lol

    edit: got a foothold, but looks like I was beaten to it

    Hack The Box

  • First time playing with this so trying to get RCE is gonna be fun

  • edited February 13

    Got RCE, but can't spawn revshell :D

    Finally, got root
    Like this machine !!
    Learned new things really!!

  • Now, that was fun. Pretty straightforward machine without any guesswork or surprises. Yet still I learned something new. Thanks for that, @felamos :)


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • @HomeSen I have user.txt, any hint on root?

  • @GARYHAK2009 said:

    @HomeSen I have user.txt, any hint on root?

    Look what you are allowed to do. And then find and exploit it ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • can't get the damn thing to execute code

  • edited February 13

    @p00dl3 said:

    can't get the damn thing to execute code

    the same thing is happening to me

  • edited February 13
    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    
  • finally got reverse shell

  • Got root. Loved the machine, learned new things.

  • @Gr4yKT said:

    @p00dl3 said:

    can't get the damn thing to execute code

    the same thing is happening to me

    yeah, this was confusing.

    For root, all it takes is modification of 1 thing.

    Interesting box.

  • edited February 13

    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)

  • @Gr4yKT said:

    @p00dl3 said:

    can't get the damn thing to execute code

    the same thing is happening to me

    Same. :-D

  • edited February 15

    Loved this box. One of the first of this difficulty that I've rooted without any hints whatsoever.

    Foothold: probably gonna want to use a web proxy like B*** - try to break the thing. Some careful google-fu can yield some interesting info and some great tutorials.

    User: a bit trivial. The name is a big giveaway.

    Root: This took me a while to figure out. Usual enum, then once you found a thing, where you are is important. You may have to get your hands dirty with some new stuff.

    Thanks for the wonderful box - I think it deserves a much higher quality rating.

    EDIT: lots of people are saying to edit the w file - just putting it out there that it is possible to create your own. I got segfaults when using the language you would think to use, but there's lots of other options out there. A weird version of a commonly mocked scripting language did the trick for me.

  • @pizzapower said:

    I can get a connection back to my box, but something isn't working correctly for me. lol

    edit: got a foothold, but looks like I was beaten to it

    I can get a connection back too, but I have no idea how I can get a reverse shell.

  • My advice for you guys trying to get foothold... if you get a 500 debug/dump screen... read all the way through it... lol don't be like me.

    Wasted an hour until I noticed that ;) could have had it soooo much sooner.

    Interesting box, rough for my skillsets but tis how we learn so they say :tongue:

  • edited February 14

    @PrivacyMonk3y said:

    My advice for you guys trying to get foothold... if you get a 500 debug/dump screen... read all the way through it... lol don't be like me.

    Wasted an hour until I noticed that ;) could have had it soooo much sooner.

    Interesting box, rough for my skillsets but tis how we learn so they say :tongue:

    your wasted hour saved me ... thanks for the tip.

  • Rooted!

    For the last step. You can use a web thing, and it's as simple as you think it is, just cut out all of the other crap, and use whatever old faithful tool you've used since the 70s.

  • edited February 14

    -- nvm

    Blaudoom
    Discord: Blaudoom#1254

  • If only I knew enough java to know what to do with the damn 500

  • @deepansh0xB feel free to PM

    valy0

  • edited February 14

    Spoiler Removed

  • edited February 14

    nice box, ty!

  • Got user. I think I know what I'm supposed to do for root. But I can't find a way to generate the "w" file I need.

  • @FQuen said:

    Got user. I think I know what I'm supposed to do for root. But I can't find a way to generate the "w" file I need.

    we pronounce it wabbit github

  • Anyone have a nudge on the reverse shell? I have RCE but can't create a connection back to my machine.

  • Rooted! That was a fun machine.
    Definitely spent more time on google than my actual terminal but I learnt a few new things.
    Feel free to PM me for nudges.

    Hack The Box

  • @bluesheep said:

    Anyone have a nudge on the reverse shell? I have RCE but can't create a connection back to my machine.

    I had to try a bunch of different things - what worked for me is just googling a rev shell in the language I was writing in - who knew, right?

  • @bluesheep said:

    Anyone have a nudge on the reverse shell? I have RCE but can't create a connection back to my machine.

    As always with Java in particular (but also other server-side languages in general): Don't try to build too complex payloads. Often, it is better to download (and then execute) a shell script to the target machine, and make the script do all the heavy lifting.


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.
