Frolic

AWESOMMME i am willing to touch myself. I wrote my first buff_ovrflw and got root.txt with the first shot.

Thx to IPPSEC for this video

At first hated the box, dont like CTF. But after user an one hour watching IPPSEC’s video, another hour to repeat and train this. I wrote this in less then 10 minutes

@Sekisback said:
AWESOMMME i am willing to touch myself. I wrote my first buff_ovrflw and got root.txt with the first shot.

Thx to IPPSEC for this video

At first hated the box, dont like CTF. But after user an one hour watching IPPSEC’s video, another hour to repeat and train this. I wrote this in less then 10 minutes

Same feeling as you :smiley:

But for user I couldn’t have a shell as I want it but it worked in the end of the day

I am sooo close getting root! Is anyone available for PM?

EDIT: Solved

Hello,
I have found two credentials, decoded first part of code (…!?!) and stuck on the second (looks like ba4).
Used ba
4 decoders, however nothing valuable did not find in the output. Only random symbols and two times index.php.
Could you pls give a hint how to decode second part of code?

@c0uldb3 said:
Hello,
I have found two credentials, decoded first part of code (…!?!) and stuck on the second (looks like ba4).
Used ba
4 decoders, however nothing valuable did not find in the output. Only random symbols and two times index.php.
Could you pls give a hint how to decode second part of code?

The output isn’t completely random - read about Magic Numbers :slight_smile:

Well, what am I going to say…
I didn’t like the way to get user, although the last step with the zip-file was nice for learning one or two things.
Also root was really nice, I never had to use this technique before, so it was good to learn something new.
My hint for everyone is really to watch IppSec’s video on “October”, you can own root even with zero foreknowledge only using that video. (So I mean zero foreknowledge on Buffer-Overflow, some programming skills are really recommended)

If you need further hints just PM me, but please only questions regarding root, I don’t fully remember the steps to decode that gibberish for the user xD

.

Ok so here is the situation I made an incorrect thread called wow that I meant to put here :astonished:

So I fixed the problem I had encountered but directly ran into another one Im eager to poke this beast I’m just wondering what in the good f**k do You do with that index.php file its like a whole bunch of bytes any nudges?

@r1cin said:

@c0uldb3 said:
Hello,
I have found two credentials, decoded first part of code (…!?!) and stuck on the second (looks like ba4).
Used ba
4 decoders, however nothing valuable did not find in the output. Only random symbols and two times index.php.
Could you pls give a hint how to decode second part of code?

The output isn’t completely random - read about Magic Numbers :slight_smile:

and for a little insight with this like was said earlier talk to the zookeeper have his friend interpret it for you but remember to ask him for the write bytes and the magic is all in the first few bites also when the friend of the zookeeper is contacted make sure you ask him about the pickle bites I heard there good

@huntingbugs said:
Ok so here is the situation I made an incorrect thread called wow that I meant to put here :astonished:

So I fixed the problem I had encountered but directly ran into another one Im eager to poke this beast I’m just wondering what in the good f**k do You do with that index.php file its like a whole bunch of bytes any nudges?

I managed to get some help via chat perfect loving the site

got the index.php, finally stuck at +++++ SKIP ++…< , no result for decode
is this wrong way ?

EDIT: got user flag

@huntingbugs said:
Ok so here is the situation I made an incorrect thread called wow that I meant to put here :astonished:

So I fixed the problem I had encountered but directly ran into another one Im eager to poke this beast I’m just wondering what in the good f**k do You do with that index.php file its like a whole bunch of bytes any nudges?

I managed to get some help via chat perfect loving the site> @TonyWong said:

got the index.php, finally stuck at +++++ SKIP ++…< , no result for decode
is this wrong way ?

your stuck were I was now just look at that file for a few minutes and try to figure out what that is hint it can be decoded as is you know the zookeepers friend is great at determining what type of data hes dealing with

and just in case You haven’t figured it out I said this to someone that helped me if they are going to b*f me 2 times I hope I at least get a reach around :slight_smile:

no idea on how to decode the ???!!!?-message D:

read all pages of this thread it will def give you the answer

I am stuck on the …!? thing as well. Read the whole thread, looking in various EL places but getting nowhere at all. I have tried all sorts of stuff, read all about BrF and some of its derivatives. Clearly I am just dense or something, and would hate to abandon the box since it otherwise looks pretty fun. Could someone PM me and offer a bit of a clue.

Thanks

Edit: Thanks for the tip :+1:

(6) What a CTF…
Took Whole 3 days with help
Learned little bit of BOF

Is there meant to be a webserver on this box? Can’t find any HTTP ports open?

If anyone can send me a message with the initial foothold, did some enumeration but can only find 5 TCP Ports open, and unsure on where to go from here. 1 UDP port too. Any help would be great

Im stuck on the /asdiS********* code, i decoded it and it gave me a bunch of random characters and index.php twic ,i read it is something with magic numbers but i dont figure out what to do next