@Sekisback said:
AWESOMMME i am willing to touch myself. I wrote my first buff_ovrflw and got root.txt with the first shot.
Thx to IPPSEC for this video
At first hated the box, dont like CTF. But after user an one hour watching IPPSEC’s video, another hour to repeat and train this. I wrote this in less then 10 minutes
Same feeling as you
But for user I couldn’t have a shell as I want it but it worked in the end of the day
Hello,
I have found two credentials, decoded first part of code (…!?!) and stuck on the second (looks like ba4).
Used ba4 decoders, however nothing valuable did not find in the output. Only random symbols and two times index.php.
Could you pls give a hint how to decode second part of code?
@c0uldb3 said:
Hello,
I have found two credentials, decoded first part of code (…!?!) and stuck on the second (looks like ba4).
Used ba4 decoders, however nothing valuable did not find in the output. Only random symbols and two times index.php.
Could you pls give a hint how to decode second part of code?
The output isn’t completely random - read about Magic Numbers
Well, what am I going to say…
I didn’t like the way to get user, although the last step with the zip-file was nice for learning one or two things.
Also root was really nice, I never had to use this technique before, so it was good to learn something new.
My hint for everyone is really to watch IppSec’s video on “October”, you can own root even with zero foreknowledge only using that video. (So I mean zero foreknowledge on Buffer-Overflow, some programming skills are really recommended)
If you need further hints just PM me, but please only questions regarding root, I don’t fully remember the steps to decode that gibberish for the user xD
Ok so here is the situation I made an incorrect thread called wow that I meant to put here
So I fixed the problem I had encountered but directly ran into another one Im eager to poke this beast I’m just wondering what in the good f**k do You do with that index.php file its like a whole bunch of bytes any nudges?
@c0uldb3 said:
Hello,
I have found two credentials, decoded first part of code (…!?!) and stuck on the second (looks like ba4).
Used ba4 decoders, however nothing valuable did not find in the output. Only random symbols and two times index.php.
Could you pls give a hint how to decode second part of code?
The output isn’t completely random - read about Magic Numbers
and for a little insight with this like was said earlier talk to the zookeeper have his friend interpret it for you but remember to ask him for the write bytes and the magic is all in the first few bites also when the friend of the zookeeper is contacted make sure you ask him about the pickle bites I heard there good
@huntingbugs said:
Ok so here is the situation I made an incorrect thread called wow that I meant to put here
So I fixed the problem I had encountered but directly ran into another one Im eager to poke this beast I’m just wondering what in the good f**k do You do with that index.php file its like a whole bunch of bytes any nudges?
I managed to get some help via chat perfect loving the site
@huntingbugs said:
Ok so here is the situation I made an incorrect thread called wow that I meant to put here
So I fixed the problem I had encountered but directly ran into another one Im eager to poke this beast I’m just wondering what in the good f**k do You do with that index.php file its like a whole bunch of bytes any nudges?
I managed to get some help via chat perfect loving the site> @TonyWong said:
got the index.php, finally stuck at +++++ SKIP ++…< , no result for decode
is this wrong way ?
your stuck were I was now just look at that file for a few minutes and try to figure out what that is hint it can be decoded as is you know the zookeepers friend is great at determining what type of data hes dealing with
and just in case You haven’t figured it out I said this to someone that helped me if they are going to b*f me 2 times I hope I at least get a reach around
I am stuck on the …!? thing as well. Read the whole thread, looking in various EL places but getting nowhere at all. I have tried all sorts of stuff, read all about BrF and some of its derivatives. Clearly I am just dense or something, and would hate to abandon the box since it otherwise looks pretty fun. Could someone PM me and offer a bit of a clue.
If anyone can send me a message with the initial foothold, did some enumeration but can only find 5 TCP Ports open, and unsure on where to go from here. 1 UDP port too. Any help would be great
Im stuck on the /asdiS********* code, i decoded it and it gave me a bunch of random characters and index.php twic ,i read it is something with magic numbers but i dont figure out what to do next
@SilkySparrow said:
Im stuck on the /asdiS********* code, i decoded it and it gave me a bunch of random characters and index.php twic ,i read it is something with magic numbers but i dont figure out what to do next
if you decode it and save the output to a file, what type of file is it?