Frolic

Well, what am I going to say…
I didn’t like the way to get user, although the last step with the zip-file was nice for learning one or two things.
Also root was really nice, I never had to use this technique before, so it was good to learn something new.
My hint for everyone is really to watch IppSec’s video on “October”, you can own root even with zero foreknowledge only using that video. (So I mean zero foreknowledge on Buffer-Overflow, some programming skills are really recommended)

If you need further hints just PM me, but please only questions regarding root, I don’t fully remember the steps to decode that gibberish for the user xD

.

Ok so here is the situation I made an incorrect thread called wow that I meant to put here :astonished:

So I fixed the problem I had encountered but directly ran into another one Im eager to poke this beast I’m just wondering what in the good f**k do You do with that index.php file its like a whole bunch of bytes any nudges?

@r1cin said:

@c0uldb3 said:
Hello,
I have found two credentials, decoded first part of code (…!?!) and stuck on the second (looks like ba4).
Used ba
4 decoders, however nothing valuable did not find in the output. Only random symbols and two times index.php.
Could you pls give a hint how to decode second part of code?

The output isn’t completely random - read about Magic Numbers :slight_smile:

and for a little insight with this like was said earlier talk to the zookeeper have his friend interpret it for you but remember to ask him for the write bytes and the magic is all in the first few bites also when the friend of the zookeeper is contacted make sure you ask him about the pickle bites I heard there good

@huntingbugs said:
Ok so here is the situation I made an incorrect thread called wow that I meant to put here :astonished:

So I fixed the problem I had encountered but directly ran into another one Im eager to poke this beast I’m just wondering what in the good f**k do You do with that index.php file its like a whole bunch of bytes any nudges?

I managed to get some help via chat perfect loving the site

got the index.php, finally stuck at +++++ SKIP ++…< , no result for decode
is this wrong way ?

EDIT: got user flag

@huntingbugs said:
Ok so here is the situation I made an incorrect thread called wow that I meant to put here :astonished:

So I fixed the problem I had encountered but directly ran into another one Im eager to poke this beast I’m just wondering what in the good f**k do You do with that index.php file its like a whole bunch of bytes any nudges?

I managed to get some help via chat perfect loving the site> @TonyWong said:

got the index.php, finally stuck at +++++ SKIP ++…< , no result for decode
is this wrong way ?

your stuck were I was now just look at that file for a few minutes and try to figure out what that is hint it can be decoded as is you know the zookeepers friend is great at determining what type of data hes dealing with

and just in case You haven’t figured it out I said this to someone that helped me if they are going to b*f me 2 times I hope I at least get a reach around :slight_smile:

no idea on how to decode the ???!!!?-message D:

read all pages of this thread it will def give you the answer

I am stuck on the …!? thing as well. Read the whole thread, looking in various EL places but getting nowhere at all. I have tried all sorts of stuff, read all about BrF and some of its derivatives. Clearly I am just dense or something, and would hate to abandon the box since it otherwise looks pretty fun. Could someone PM me and offer a bit of a clue.

Thanks

Edit: Thanks for the tip :+1:

(6) What a CTF…
Took Whole 3 days with help
Learned little bit of BOF

Is there meant to be a webserver on this box? Can’t find any HTTP ports open?

If anyone can send me a message with the initial foothold, did some enumeration but can only find 5 TCP Ports open, and unsure on where to go from here. 1 UDP port too. Any help would be great

Im stuck on the /asdiS********* code, i decoded it and it gave me a bunch of random characters and index.php twic ,i read it is something with magic numbers but i dont figure out what to do next

@SilkySparrow said:
Im stuck on the /asdiS********* code, i decoded it and it gave me a bunch of random characters and index.php twic ,i read it is something with magic numbers but i dont figure out what to do next

if you decode it and save the output to a file, what type of file is it?

I did something really stupid on this box.I got the user few months before.Now i only have the “Password” stored in my Notes.I forgot the username to login with.
I still had to root the machine.You can visit my profile if you find something wrong.
if anyone is willing to help it would be great.
You can ignore if this seems nonsense to you.

how to find the address. beacuse there is not g** installed. Any hint

All you need is a tool to list dynamic dependencies and probably grep to find the offset to the gadgets you need, and you have your address. That’s possible because A**R is disabled.

root