Frolic


Comments

  • @LoneW0lf said:
    I'm past the weird chars stage.... but hell this box feels more like a CTF challenge so far :(

    That's because it is.....

    blobbo

  • @blobbo said:

    @LoneW0lf said:
    I'm past the weird chars stage.... but hell this box feels more like a CTF challenge so far :(

    That's because it is.....

    what?

    banteng999

  • I rooted Jerry then started this lol what a difference. I also got creds from http enum and didn't really get anywhere. Same problems mentioned above. I'm guessing you have to use them with smb enum? I got somewhere with that but very little progress and went round in circles. Hours passed, I'm taking a break for now. Welcome any hints. Brute force ssh?

  • @LoneW0lf said:
    I'm past the weird chars stage.... but hell this box feels more like a CTF challenge so far :(

    Can you please pm a hint for the weird characters decoding?

  • hey guys !
    I'm stuck after the login. Is the .!?!! useful or is it just a troll?

  • @flokii said:
    hey guys !
    I'm stuck after the login. Is the .!?!! useful or is it just a troll?

    It's definitely useful... at least I think it is??
    There is a method to turn it into something else, read the previous posts for some good hints. Think esoterically.

    But, once you turn it into something more usable, it almost looks like a key of some sort, but it's not...

    Any idea what to do with the decoded ...!? string?

  • @jreeves said:

    @flokii said:
    hey guys !
    I'm stuck after the login. Is the .!?!! useful or is it just a troll?

    It's definitely useful... at least I think it is??
    There is a method to turn it into something else, read the previous posts for some good hints. Think esoterically.

    But, once you turn it into something more usable, it almost looks like a key of some sort, but it's not...

    Any idea what to do with the decoded ...!? string?

    Same here, I can see some information when trying to decode (seems to be a filename) but cannot get anything relevant.

    Any hints?

  • @banteng999 said:

    @blobbo said:

    @LoneW0lf said:
    I'm past the weird chars stage.... but hell this box feels more like a CTF challenge so far :(

    That's because it is.....

    what?

    This box is a pure CTF challenge IMHO

    blobbo

  • edited October 2018

    chat for hints and discussion

    https://t.me/joinchat/J4Ih9w7rJd0kY_WGdb6ygQ

  • edited October 2018

    the creds you find from 2 different files.. are they supposed to work anywhere?
    edit: ok found some other creds and interesting stuff after all

  • Very CTF-esque machine. Learned something new during escalation though! Thanks for that

  • I have shell, more than the privesc :)

  • so is r*p the key to privesc?

  • @jreeves said:
    so is r*p the key to privesc?

    Yes ! :cold_sweat:

  • edited October 2018

    @Seepckoa said:

    @jreeves said:
    so is r*p the key to privesc?

    Yes ! :cold_sweat:

    I see you can cause an overflow by throwing in an argument longer than (redacted) digits and cause eip to become a memory address of your choice.. I guess you could use this to write a custom program that just waits in memory trying to read root.txt and then cause r*p to execute that code... but is this really the way to do it or am I overthinking this?

    This is what I'm going to attempt, and don't get me wrong, it sounds like fun but is a 20pt root really as complicated as this?

    Edit: nvm, I'm overcomplicating it. This is a path and I'm making it too tough.

  • @jreeves said:

    @Seepckoa said:

    @jreeves said:
    so is r*p the key to privesc?

    Yes ! :cold_sweat:

    I see you can cause an overflow by throwing in an argument longer than (redacted) digits and cause eip to become a memory address of your choice.. I guess you could use this to write a custom program that just waits in memory trying to read root.txt and then cause r*p to execute that code... but is this really the way to do it or am I overthinking this?

    This is what I'm going to attempt, and don't get me wrong, it sounds like fun but is a 20pt root really as complicated as this?

    Edit: nvm, I'm overcomplicating it. This is a path and I'm making it too tough.

    Me personally, I try to inject a shellcode in the program. I do not know if I'm on the right track.

  • edited October 2018

    Rooted ! :)

  • @Seepckoa said:

    @jreeves said:

    @Seepckoa said:

    @jreeves said:
    so is r*p the key to privesc?

    Yes ! :cold_sweat:

    I see you can cause an overflow by throwing in an argument longer than (redacted) digits and cause eip to become a memory address of your choice.. I guess you could use this to write a custom program that just waits in memory trying to read root.txt and then cause r*p to execute that code... but is this really the way to do it or am I overthinking this?

    This is what I'm going to attempt, and don't get me wrong, it sounds like fun but is a 20pt root really as complicated as this?

    Edit: nvm, I'm overcomplicating it. This is a path and I'm making it too tough.

    Me personally, I try to inject a shellcode in the program. I do not know if I'm on the right track.

    I'm guessing that worked for you? I ended up exploiting a stack overflow.
    RIP rop

  • how can I correctly view .....!.? I've tried everything I can think of to translate from nearly every language in the world and still only get .....!.?

  • is play*** a rabbit hole?

    Hack The Box

  • @0xlc said:
    is play*** a rabbit hole?

    No it's not

  • @0xlc said:
    is play*** a rabbit hole?

    No ! ;)

  • Stuck on the .....!.?. Seen the hints in this discussion, and have previously solved some of the challenges that use ELs, but not finding an EL that actually matches this page/syntax.

    thrash

  • edited October 2018

    @thrash said:
    Stuck on the .....!.?. Seen the hints in this discussion, and have previously solved some of the challenges that use ELs, but not finding an EL that actually matches this page/syntax.

    it may not match exactly.. so just read a bit of the details on EL

  • @opt1kz said:

    @0x29A said:
    Ben the zoo keeper or David the aquarist could probably read it, but they'd have to ask their friend to interpret it.

    This is a very good hint, but it might fly over peoples' heads if they don't know what they're looking for to begin with. So to expand on it a tiny bit: Esoteric languages.

    :+1:

  • @w31rd0 said:

    @thrash said:
    Stuck on the .....!.?. Seen the hints in this discussion, and have previously solved some of the challenges that use ELs, but not finding an EL that actually matches this page/syntax.

    it may not match exactly.. so just read a bit of the details on EL

    Got it. Was on the right track the whole time, and didn't realize it.

    thrash

  • I have passwords (one from decoding the thing). Now I feel silly that I cannot figure out where to use them. I have tried all the 4 obvious services and the color service. Am I missing some enumeration?

  • same as you gl0b0

  • I believe I have found a login cred for the color service , anyone willing to PM to help nudge me in right direction.

    Hack The Box

  • > @DirtyBird said:
    > same as you gl0b0

    And me too, lol