Official Ophiuchi Discussion

245

Comments

  • @Sketrik I was 100% sure that I tried that and that it didn't work, but I proved myself wrong, I have a reverse shell now. Thanks for making me try it again!

    I really should pay more attention when changing variables in the pre-written ones I suppose.

    @HomeSen Thanks for the tip! I'll keep it in mind for the next boxes on my list.

  • i can't get this damn thing to execute my special w file, it keeps seg faulting. :(

  • @MartianArchive said:

    i can't get this damn thing to execute my special w file, it keeps seg faulting. :(

    Did you write a new one, or just edit the existing?
    I couldn't get my own file to work, so I simply modified the existing one.


    OSWE | GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • i got a connection back from nc but cannot get a shell with -e even with basic bash rev shells!
    is this a part of the challenge or what?

  • @MartianArchive said:

    i can't get this damn thing to execute my special w file, it keeps seg faulting. :(

    Modifying the original is the way to go.

  • @AbuQasem said:

    i got a connection back from nc but cannot get a shell with -e even with basic bash rev shells!
    is this a part of the challenge or what?

    Well, yes and no. Java in particular (but also other server-side languages in general) doesn't like complex payloads. Often, it is better to download (and then execute) a shell script to the target machine, and make the script do all the heavy lifting ;)


  • @graghtb said:

    @MartianArchive said:

    i can't get this damn thing to execute my special w file, it keeps seg faulting. :(

    Modifying the original is the way to go.

    @HomeSen said:
    @MartianArchive said:

    i can't get this damn thing to execute my special w file, it keeps seg faulting. :(

    Did you write a new one, or just edit the existing?
    I couldn't get my own file to work, so I simply modified the existing one.

    yeah i gave up on creating my own. modifying it was a lot easier lol

  • finally rooted, thanks for the tip on the root part @PrivacyMonk3y

  • Anyone care to do a sanity check on my "Awesomeness" script? The server reaches to the /META****/***"Factory" but my payload doesn't get triggered...

    sicario1337

    Happy to assist and 'Respect' is always appreciated

  • Finally rooted.
    Was very fun!

    Got stuck in the beginning because I couldn't get it to pop but eventually worked.
    User was very easy

    Root was great, if you read, you'll get it.

  • @sicario1337 said:

    Anyone care to do a sanity check on my "Awesomeness" script? The server reaches to the /META****/***"Factory" but my payload doesn't get triggered...

    If you are talking about what I think you are talking about, I had problems with that. It took me a while to get the reverse shell to work when the code ran. I just got a foothold last night.

  • Stuck on root. Any nudges please

  • ROOTED! i've learned a lot. kudos to the creator

    foothold was a bit easy, cause all you need is an RCE. but on the root it took me 2 days to get in to the root. thanks to those people who keep me on track on the root part.

  • I found root!!!! this was a fun box. It did not take long once I saw what I needed to exploit.

  • Rooted. I think it's a fairly simple box.

    Foothold: Ophiuchi? God knows what it is.

    User: It's really important to find yourself.

    Root: Don't rush. There's always another, much simpler way.

  • I'm able to get the .*** file uploaded but I can't get any code in it to execute. any nudges or hints would be appreciated.

  • @Bojack15295 said:

    I'm able to get the .*** file uploaded but I can't get any code in it to execute. any nudges or hints would be appreciated.

    Welcome to the club mate :sweat_smile:
    Same here, got all pieces together but nothing is happening... once got a ping back and that's it.... stopped working since

  • Any hints for the foothold? I saw the ya** system, and my payload seems to be "interpreted" as my ht** server displayed some interesting things, but I always get an HTTP 500 error.

  • edited February 17

    Hi friends, I have user account, any hint on root?

  • edited February 17

    @Aquilino said:
    Hi friends I have user account any hint on root

    I already got it

    id
    uid=0(root) gid=0(root) groups=0(root)
    [email protected]:/tmp#

    i like machine

  • Completed it, thanks to @1z3n

    If you need help send a PM.

  • Nice box, finally root, thanks to @IvanV for the final push across the finishing line!
    Thank you to the box creator @felamos

    For those that are stuck.

    Don't give up. When I started this box, I had little knowledge of the technologies at play. I literally googled everything.

    Foothold.
    Research what you see, you will find some good resources that will help you with RCE. If you get a 500 error, READ THE ERROR MESSAGE!

    User.
    Standard enumeration of the box, you should know where to look for something interesting.

    Root.
    Look at what you can do and how you can lead something down a different path. You need to change 1 thing. Your location is important!

    PM if you need a nudge. Good luck.

  • Finally made it. Root killed me for sure. My hint would be checking out a couple of different outputs for the w file. I had two different results, which ended up making all the difference. Thanks @jbob for the final push and @felamos for the box.
    DM for nudges.

    Harbard

  • rooted. thanks @felamos for a fun box.

    lots of good hints in the thread above. for the final step I would add that if you have the right tool, getting the strange file to do what you want isn't too difficult.

    PM if you need help.

  • edited February 19

    Rooted!

    Nice box, definitely easier to modify original file for root.

    PM if needed :)

  • Hey, can anyone help me? Having trouble with my payload. Don't want to leave any spoilers so if I can DM that'd be great.

  • edited February 20

    Finally rooted. Thanks @felamos for the box! The amount of things I learned in this box is insane. Root was pretty hard for me, and capturing that flag was the most satisfying thing ever...

    Foothold

    Google like your life depends on it. Take your sweet time to read all the way through the articles you find until things work.


    User

    Enumeration. That's it. Don't be like me, I literally saw what I needed to see and completely missed it. Wasted hours because of it...


    Root

    Look for something nice. See what it does and where the things it uses are. Maybe try to see things differently and change some stuff. The place you are does matter.


    Feel free to PM for nudges :)

    imClara

  • Does anyone know why I can't submit flag?

  • edited February 23

    Initial:
    Getting RCE is easy if you enumerate and investigate like with any box. It's pretty obvious and there are a lot of resources available to get you up to speed.

    User:
    haven't seen it mentioned here, but those that are after a reverse shell don't need one - you can go straight to user from RCE. The application's thread process behavior isn't super conducive to grabbing reverse shells. I didn't want to mess with it and I recommend you don't either, so poke around.

    Administrator:
    Root is really simple once you figure the quickest way to write what you need. You have a LOT of choices, so it's really whatever you're comfortable with, but one was particularly easy, imo. my root payload was 6 lines long and less than 30 characters total. don't overthink it. there are way easier ways to satisfy what you need than editing anything you find on the box, so don't drown yourself in that if it isn't clicking.
