Smasher

@drtychai said:

@n1b1ru said:

@madcap said:

@pykler said:
I got initial larger foothold smasher and then lost the way to get in. Was wondering, is it someone on the box that deleted my “larger foothold” or was it some reset and the foothold I received was an artifact from a previous hack? Do I need to create the ? or is the ? supposed to be there?

Are you able to run commands on server? I’m only able to read…

Neither do I. Just read whole files… I don’t find anything relevant in order to enter into

Think about the name of the box and look at the files again.

Anything like BOF?

@macw141 said:
This machine slowly becomes my … obsession.
I’m currently at the point where I already have the necessary gs (I think) and I can execute them with enabled A, however I cannot finalize my exploit, because it crashes when I try to get what I need (in, let’s say, a few “steps”) to get shell.
If there is someone at the same point or further, then I would appreciate discussion or hint about this.

that box requires deep search

@macw141 said:

@sbridgens said:
By reading the files I found what I believe is the right piece I need, now to develop the PoC and start debugging… curiouser and curiouser

This machine is harder than I thought. BF does not seem to be the right way (on my own environment it is already running for the second hour at 7 requests per second; I get DoS when I try faster). It was rather not meant to be BF for hours.
There must be another way. I found some “attachments” which look quite promising.

Have not tried BF as I started working on a different angle with a running service, but not sure if that’s the right way to go yet. Have not had any time since posting previously, so obviously gone no further as yet.

As somebody mentioned earlier, quite a lot of research is needed to exploit this machine (not sure about root, ’cause I’m not there yet, but definitely for user). This is quite tricky exploitation. For someone who is not REALLY familiar (really advanced would be more appropriate here) with low level exploitation, it requires a lot of work.

This machine requires some pretty advanced techniques, though not all advanced techniques, as enumeration reveals. I see the path to success but still need to work on mastering those techniques.

This is a really good VM for mastering a lot of different tricks and tools. Even if I fail to get a shell (I don’t plan on failing but…) I will have gained a ton of useful knowledge.

Stuck at crypto part… someone who wants to discuss that in priv?
For people that are stuck at web part, if you need a hint just write me in priv.

I went through crypto, I can execute one or two gXXXXXs (with enabled AXXX) and … that’s all. Technically I have everything to get shell with gXXXXXs only. Everything, but … a long enough buffer. I thought several times that I have it, but still not yet.

Solved the crypto!! This machine is so cool!!! If somebody wants to discuss it, write me in priv.

Hi, can I have a hint plz. I’m really stuck on BOF.

@paw said:
Solved the crypto!! This machine is so cool!!! If somebody wants to discuss it, write me in priv.

Did not complete yet (no time lately), but it looks like the only way is to be very “economical” with buffer space. Did you manage to execute code on the sXXXX or got shell using gXXXXXs only?

hint for this one is… “I really don’t care about Nx”

Not sure what you mean. In fact it looks like it indeed does not matter, but so far the only way I see is to develop as if it was enabled (but is not).

@macw141 just write me in priv if u want help

I have an account password, the user flag and an encryption key. Hint welcome to become root…

Anyone want to put me in the right direction? I got a login page, not sure if I am on the right path… doesn’t seem so to me and looks like a rabbit hole

Wow this one looks interesting. Have worked out what I have to do but it’s gonna involve some study :+1:

Reading through previous posts is a little confusing. I think I have a small idea on how to get shell on box, but my method is not registering how I thought it would. Anyone able to offer me help at all? PM pls.

This box really does its name worth, Smashes head against wall

Started long time ago, but somehow, even knowing what to do, cannot complete required dev work (mostly lack of time). Perhaps coming weekend.
Machine is indeed very nice.