Oz

Om Nom Nom

“You’re just trying too hard… nobody hides anything in base64 anymore… c’mon.”

@ozymandias said:

@bobthebuilder said:
YOU HAVE NO POWER HERE! :slight_smile:

Is this useful? I found it too. But no success in anything. Googling i found a snippet of the script of the The Wizard of Oz (1939) with a same line in the script. Maybe there is something there or not…

The fact that it is not pwned yet, after so many hours, shows the difficulty i think…

No, its not useful. I’m just pasting random funny bits I find along the way…

“You are just wasting time now… someone else is getting user.txt”
“Look… now they’ve got root.txt and you don’t even have user.txt”

Funny stuff :wink:

@bobthebuilder said:
“You are just wasting time now… someone else is getting user.txt”
“Look… now they’ve got root.txt and you don’t even have user.txt”

Funny stuff :wink:

hahaha… :wink:

\x is this some encoding any guess or deadend

you get so much info from the box, even limited file access, still not in.Probably another facepalm after I know how 8D

@D4Vinci said:

it gives random strings for any unknown routes making it nearly impossible to enumerate.

Yes, the application has a custom 404 errorhandler (like another active challenge)
To enumerate, do not use the GET method. It’s possible to find a route with a name like ‘/??e?s’ and maybe others.

Keep in mind that everything may be useful later.

This box is a nightmare.

I saw the first blood needed 15 and 18 hours, so much effort for that 30 points. LOL.

Yeah, I have to wonder if it was tested.

@waywardsun said:
Yeah, I have to wonder if it was tested.

100% was tested for 4-5 weeks before submission. All items and “rabbit holes” are working as intended. The box was tested again after submission by the HTB team not for rabbit holes or “unhackable” but does it have a flow, is it stable, are the steps logical to follow. Just gotta look a little harder and try different things. Never rely on a single tool for your enumeration or cracking.

@waywardsun said:
Yeah, I have to wonder if it was tested.

they dont know what medium means, but it’s not new.

@incidrthreat

I think that you created a nice box. For a noob like me it is taking me out of my comfort zone. Probably it will take days or weeks for me even with the help of hints :slight_smile: But always love to play with python boxes.

seems that someone has taken alot of time to hide flags… where ever i go i see dead ends

Does anyone have suggestions on some different tools to use for enumeration? I have used the usual suspects without success. I am not very good with web so some pointers to resources would be appreciated.

Any tips to enumerate this box?

user was fun : )

@ozymandias said:
@incidrthreat

I think that you created a nice box. For a noob like me it is taking me out of my comfort zone. Probably it will take days or weeks for me even with the help of hints :slight_smile: But always love to play with python boxes.

Now that user and root bloods have been taken this is when the novice can take their time and learn from pros like IPPSEC and M0NOC. Each of them have a very distinct methodology and set of tools that work for them in an engagement. Learn from them and you will get it, I assure you. Good luck!

@asifsohail said:
seems that someone has taken alot of time to hide flags… where ever i go i see dead ends

xD Nope. Flags are all in their normal locations unhidden and in plain sight.

@labyrinth said:
Does anyone have suggestions on some different tools to use for enumeration? I have used the usual suspects without success. I am not very good with web so some pointers to resources would be appreciated.

The usual suspects will do just fine, learn to fine tune what you are looking for instead of JUST a 200 response. Be more attentive to what you are receiving and fine tune it to get what you want. :wink: Attention to detail in the enumeration/reconnaissance phase of the Hacker Methodology will go a long way.

@TheNerdOne said:
Any tips to enumerate this box?

The only tip I can give you without spoils or leading you down a wrong bath is this: Pay attention to the small things. The details of what you are receiving from a scan vs what you are expecting. And that everything on this host in intended to operate the way you are seeing it.

@elihtb said:
user was fun : )

I am really glad you thought so. Thanks. Now go get root =D