Official Ophiuchi Discussion

135

Comments

  • Thanks for the accurate difficulty, btw! Many HTB difficulty ratings are WAY off, but this was pretty spot-on. User wasn't hard, root took some documentation reading and a bit of hands-on work - that's about where a medium should be, in my opinion :)

  • edited February 23

    Got the root but by taking advantage of a w**** file somebody else had left lying around since I thought it was just one of the examples. Apparently it wasn't since I was a bit bothered and came back later to test if my theory was right only to find myself being wrong. Now I'm struggling to find a proper way for root. I shouldn't have to compile my own binary, should I?

    Edit: found the correct way by doing a little research.

  • @riceman said:

    Administrator:
    Root is really simple once you figure the quickest way to write what you need. You have a LOT of choices, so it's really whatever you're comfortable with, but one was particularly easy, imo. my root payload was 6 lines long and less than 30 characters total. don't overthink it. there are way easier ways to satisfy what you need than editing anything you find on the box, so don't drown yourself in that if it isn't clicking.

    @riceman do you mind if I PM you? I'd like to take a look at this 6-line-long payload you had. I believe I tried that route for quite a few hours without much success. I am curious about what I was missing.

    Side note: I then decided to try the edition approach and it took me about 10 minutes to get to root. (Starting from a google search for the correct format, to editing the file, to getting the flag).

  • Finally rooted. Root took a while, but good box overall.

  • @damnc said:

    @riceman do you mind if I PM you? I'd like to take a look at this 6-line-long payload you had. I believe I tried that route for quite a few hours without much success. I am curious about what I was missing.

    Sure, if you've already solved then shoot me a message.

  • uid=0(root) gid=0(root) groups=0(root)
    [email protected]:~#

    Good box! I liked it a lot.

  • Rooted! Had a little hard time on the initial foothold, but learnt something new! Great box! thx!

  • Rooted, quite an easy box actually!

    Foothold: check the request and play with it
    User: old vulnerability, search for it
    Root: Never played with Go, but I think it's doable with a bit of research. When exploiting binaries what is the most useful thing?! (I think it is the source code :p )

    Pm me if needed (but at least have concrete questions)!

  • Wow. That was a fun box for sure. Foothold took me longer than it should have, but I got there.
    Root was a learning experience.
    Thank you!

    jiggle

    Feel free to ask for hints/nudges. Just PM me what you've already done, & give respect if I help you.

  • edited February 24

    Just rooted this box... although, it'd be more accurate to say, "I got the flag"...

    I couldn't get my version of the "attack script" to pop a reverse shell; I knew my script was being executed, because I got it to run id and saw the expected result. Try as I might, though, I couldn't get my reverse shells to work. In the end, I just catted what I needed. Like I say, I got the flag, but don't really feel that I "got root", if that makes sense...

    If anyone here did manage to get a rev shell to work (or get in as root), would you mind sharing how, via PM, please?

  • If anyone here did manage to get a rev shell to work (or get in as root), would you mind sharing how, via PM, please?

    I gotchu!

  • @riceman said:

    I gotchu!

    Thanks, @riceman for showing me how to get "true" root, not just the flag!

  • First box I managed to do without any hints. Very straightforward, just needed some googlefu to figure everything out. Enjoyed it a lot, thanks for the box!

  • edited February 26

    finally rooted, what a ride to root, completely new territory for me, took me a while to understand how to feed the export method exactly.

    If anyone needs help, just PM me.

    sec77

  • Enjoyed this box. Tip for foothold - if you're getting a 5** error READ THE WHOLE ERROR DUMP. Not just the titles. I wasted more than an hour making that mistake.

  • Thanks @felamos, I had a great time :)
    What was particularly satisfying was how easy it was to get the foothold because the last time I had to deal with that kind of vuln, I struggled a lot to get it working. It feels good to see some progress on my end!
    If anyone successfully managed to get his or her own crafted file working for the last part, I'd be happy to know. I tried several things but kept hitting segfaults.

    dragonista

  • For the root part, I understood what needs to be done but was in the wrong place. I got the root flag after going to the right place. But can someone give me more understanding about why the place mattered here? I didn't get that part very well. Send me an explanation in PM. Thanks @felamos for this box, learnt a lot on this one.

  • Nice box, foothold and user are easy. Root trick was new to me but didn't take much after a bit of google fu. Thanks for the nice box.

  • Regarding foothold. Lots of people are talking on its simplicity but I had trouble getting shell to work. Specifically issues with my Simp******erver not working for whatever reason (maybe needed dif port? not sure). Anyway another python library program and that helped A LOT.
    Second, people talk a lot about the 500 error and reading the error messages, but for me that didn't really help. Maybe I'm too thick, for I couldn't figure out why something didn't link? All files were called 200 so giving up I ended up using a different resource than the one giving the 500. That helped.
    to root. i go

  • Pretty fun box. Definitely learned something new even if a lot of it was already on Github.

    I had never heard of the thing needed for root before this - but it is fascinating.

    Thanks @felamos - I actually enjoyed reading up on this.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Guys, is that normal if github.com/wasmerio/wasmer-go/wasmer is not reachable anymore? Cause it makes the machine unpwnable...

  • @m1tch404 said:

    Guys, is that normal if github.com/wasmerio/wasmer-go/wasmer is not reachable anymore? Cause it makes the machine unpwnable...

    The link works fine and plus that's not the only tool on GitHub that you can use to edit the binary..

    sicario1337

    Happy to assist and 'Respect' is always appreciated

  • @m1tch404 said:

    Guys, is that normal if github.com/wasmerio/wasmer-go/wasmer is not reachable anymore? Cause it makes the machine unpwnable...

    That seems to still be available on github but to confirm @sicario1337's point - I didn't use this tool.

    TazWake

  • @m1tch404 said:

    Guys, is that normal if github.com/wasmerio/wasmer-go/wasmer is not reachable anymore? Cause it makes the machine unpwnable...

    Just go up a dir or two with that link, then you find the repo. But you don't really need it anyway.

  • Thank you all for your returns but didn't need this tool, actually it is used by the only program I can run (don't want to spoil) --> line 5 in the import section. So it returns me a "cannot find package" error...

  • edited March 13

    Foothold: Don't believe everything. And google is your friend. Actually read the errors.

    Local: Very basic enum.

    root: More basic enum to find the obvious goal. Getting the ball over the finish line takes a bit of studying. The creators of this technology have everything you need.

  • Just rooted the box. Feel free to pm me for questions.

  • Hello, I have some trouble with my reverse shell.
    The server downloads the "META-/s****/****..Factory and snake/***.class but I don't think the payload is running...
    Can I have a hint? :smile:

  • @m1tch404 said:

    Thank you all for your returns but didn't need this tool, actually it is used by the only program I can run (don't want to spoil) --> line 5 in the import section. So it returns me a "cannot find package" error...

    The program you're talking about can definitely be executed. I haven't solved how to get it to do what I want yet, but you should double check...
    You can run that program without importing/installing anything. Don't know if the thing it is importing will be useful later, though

  • [email protected]:~# id id uid=0(root) gid=0(root) groups=0(root)
    Very good machine, I have learned a lot in the process to get root. Recommended to find a way to make the m.w file "understandable". Any hints PM.
