Frolic

Logged into pl*****s site. Worked around the csv file. Please PM how to get user.

@sesha569 said:
Need help regarding ROP. I got the system, exit, libc. So do we need the offset as well? This is my first ROP. A little bit confused. Saw the Oc****br IPPSec video. In that, ASR is enabled. So here it’s not there, so I got confused.
Any hints here? Thanks in advance.

Got root. PM me if you need hints.

Feel free to PM me if you’re struggling with the priv esc.

AWESOMMME I am willing to touch myself. I wrote my first buff_ovrflw and got root.txt with the first shot.

Thx to IPPSEC for this video

At first hated the box, don’t like CTF. But after user and one hour watching IPPSEC’s video, another hour to repeat and train this, I wrote this in less than 10 minutes.

@Sekisback said:
AWESOMMME I am willing to touch myself. I wrote my first buff_ovrflw and got root.txt with the first shot.

Thx to IPPSEC for this video

At first hated the box, don’t like CTF. But after user and one hour watching IPPSEC’s video, another hour to repeat and train this, I wrote this in less than 10 minutes.

Same feeling as you :smiley:

But for user I couldn’t have a shell as I want it but it worked in the end of the day

I am sooo close getting root! Is anyone available for PM?

EDIT: Solved

Hello,
I have found two credentials, decoded first part of code (…!?!) and stuck on the second (looks like ba4).
Used ba4 decoders, however did not find anything valuable in the output. Only random symbols and two times index.php.
Could you pls give a hint how to decode second part of code?

@c0uldb3 said:
Hello,
I have found two credentials, decoded first part of code (…!?!) and stuck on the second (looks like ba4).
Used ba4 decoders, however did not find anything valuable in the output. Only random symbols and two times index.php.
Could you pls give a hint how to decode second part of code?

The output isn’t completely random - read about Magic Numbers :slight_smile:
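As an added illustration of the magic-number hint (an editor's example, not code from any poster in this thread): the sketch below base64-decodes a blob and classifies it by its leading bytes. The sample input is constructed, and treating the blob as a ZIP is an assumption based on the zip file and the twice-seen `index.php` mentioned in the thread; `sniff`, `decode_and_sniff` and `make_sample` are hypothetical names.

```python
import base64
import io
import zipfile

# Leading-byte signatures ("magic numbers") for a few common formats.
MAGIC = [
    (b"PK\x03\x04", "zip"),
    (b"\x1f\x8b", "gzip"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"\x7fELF", "elf"),
]


def sniff(data: bytes) -> str:
    """Return the format whose signature starts the buffer, else 'unknown'."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    return "unknown"


def decode_and_sniff(blob: str) -> tuple:
    """Base64-decode text (line breaks and spaces ignored), then classify it."""
    raw = base64.b64decode("".join(blob.split()), validate=True)
    return raw, sniff(raw)


def make_sample() -> str:
    """Constructed input: a one-member ZIP, base64-encoded and line-wrapped."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("index.php", "<?php echo 'constructed sample'; ?>")
    return base64.encodebytes(buf.getvalue()).decode()


if __name__ == "__main__":
    raw, kind = decode_and_sniff(make_sample())
    # The first four bytes identify the container; the rest only looks random.
    print(kind, raw[:4], raw.count(b"index.php"))
    if kind == "zip":
        print(zipfile.ZipFile(io.BytesIO(raw)).namelist())
```

In a ZIP archive each member name is stored in both the local file header and the central directory, which is why a filename shows up twice in the raw bytes.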

Well, what am I going to say…
I didn’t like the way to get user, although the last step with the zip-file was nice for learning one or two things.
Also root was really nice, I never had to use this technique before, so it was good to learn something new.
My hint for everyone is really to watch IppSec’s video on “October”, you can own root even with zero foreknowledge only using that video. (So I mean zero foreknowledge on Buffer-Overflow, some programming skills are really recommended)

If you need further hints just PM me, but please only questions regarding root, I don’t fully remember the steps to decode that gibberish for the user xD


Ok so here is the situation I made an incorrect thread called wow that I meant to put here :astonished:

So I fixed the problem I had encountered but directly ran into another one. I’m eager to poke this beast, I’m just wondering what in the good f**k do you do with that index.php file? It’s like a whole bunch of bytes. Any nudges?

@r1cin said:

@c0uldb3 said:
Hello,
I have found two credentials, decoded first part of code (…!?!) and stuck on the second (looks like ba4).
Used ba4 decoders, however did not find anything valuable in the output. Only random symbols and two times index.php.
Could you pls give a hint how to decode second part of code?

The output isn’t completely random - read about Magic Numbers :slight_smile:

And for a little insight with this: like was said earlier, talk to the zookeeper, have his friend interpret it for you, but remember to ask him for the write bytes, and the magic is all in the first few bites. Also, when the friend of the zookeeper is contacted, make sure you ask him about the pickle bites, I heard they’re good.

@huntingbugs said:
Ok so here is the situation I made an incorrect thread called wow that I meant to put here :astonished:

So I fixed the problem I had encountered but directly ran into another one. I’m eager to poke this beast, I’m just wondering what in the good f**k do you do with that index.php file? It’s like a whole bunch of bytes. Any nudges?

I managed to get some help via chat. Perfect, loving the site.

got the index.php, finally stuck at +++++ SKIP ++…< , no result for decode
Is this the wrong way?

EDIT: got user flag

@huntingbugs said:
Ok so here is the situation I made an incorrect thread called wow that I meant to put here :astonished:

So I fixed the problem I had encountered but directly ran into another one. I’m eager to poke this beast, I’m just wondering what in the good f**k do you do with that index.php file? It’s like a whole bunch of bytes. Any nudges?

I managed to get some help via chat. Perfect, loving the site.

@TonyWong said:

got the index.php, finally stuck at +++++ SKIP ++…< , no result for decode
Is this the wrong way?

You’re stuck where I was. Now just look at that file for a few minutes and try to figure out what that is. Hint: it can be decoded as is. You know, the zookeeper’s friend is great at determining what type of data he’s dealing with.

and just in case You haven’t figured it out I said this to someone that helped me if they are going to b*f me 2 times I hope I at least get a reach around :slight_smile:

no idea on how to decode the ???!!!?-message D:

Read all pages of this thread, it will def give you the answer.

I am stuck on the …!? thing as well. Read the whole thread, looking in various EL places but getting nowhere at all. I have tried all sorts of stuff, read all about BrF and some of its derivatives. Clearly I am just dense or something, and would hate to abandon the box since it otherwise looks pretty fun. Could someone PM me and offer a bit of a clue?

Thanks

Edit: Thanks for the tip :+1:

(6) What a CTF…
Took Whole 3 days with help
Learned little bit of BOF