Frolic

r0073d

Hey, found PlS and user/password creds on the http port, but lost on what to do from here…any help is really welcome!

I’m just too stupid.
I have access to the A**** Panel and also have created an S*****. I’ve tried everything on Tri***** and Ite**. But I don’t get it executed.
Please PM so that I can make the first step towards user

Edit: Wrong Forum sorry ! :frowning:

Just wanted to say a big thank you to @sahay for this box. I actually quite enjoyed the initial “challenge” and got through it really quickly, but then got stuck for a few hours due to not checking my dirb output carefully enough. Doh! Mental note made for the future!!! :slight_smile: After getting user I had an idea what I needed to do, but having never done anything like it before I needed to do some research. Thanks to everyone who mentioned the video for a previous box. I watched that super carefully, did a bit of work and then Boom! Rooted! :smiley: From reading some of the other comments here I’m pretty sure people are going to read what I’m going to say next and think “WTF has she been smoking” lol but I loved this box, I think it’s been my favourite so far :open_mouth: Great little root challenge and a nice little intro to BOF. Definitely learnt a few things from it.

Stuck at the ?.! message. PM me please !
Thanks in advance

Rooted thanks @dionero for the hint provided in the comments. Its enough for privesc of frolic

Any hints for root reverse shell ? I already got root.txt

How can you get root.txt without having a shell?

Enjoyed this box. Well not the user part but root was a good recap for some BOF.

Last time I did a good BOF was Calamity which was a lot harder than this one but just shows if you dont use it you lose it.

Was good learning how to obtain address without a certain program. Thanks to IPPSEC for that.

If you’re stuck: Get it working exactly the same way on your host as you intend to on Frolic, that includes your method for getting addresses.

Hello guys I’m trap in this box I found that password I dont know if is a rabbit hole like the login on 1880/red but I don’t find where to login whit that pass I enumerate a lot in directory and subdirectory but nothing I try on s…t but nothing, I don’t know any hint should be appreciated please give me PM THANKS

Guys please can someone PM I’m trap with this long code I dont find the way to decrypt, even I dont know what it is can some please give me a hint were to decode.

HI, I’m stucking on frolic priv esc path.the one problem for me is Gdb is not here. Can you give me some help and tips about this machine, brothers?

good idea google: http://cipherfrolics.com/ thanks for that hint

Hello guys Im trying to get root with b…o…the script is like in O…R IPPSEC, I have the system,exit,and bash I run the code but nothing is happening… I dont know where is the issue I can not figure out… I I’ll really appreciate a message in PM
Thank you in advance

got root, nice box for training some skills. ( gef plugin helps a bit)

HI, I got some pwds and user for the pl***** page but it’s not working. I reset the box and also tried multiple users but still not getting in. Could someone please PM me to validate correct user?

EDIT: so I tested the access using msfconsole and it worked, so could someone please confirm if the webaccess to Pl***** should work or not? Thanks.

PP

Really Close: I think I need that final nudge. I copied the binary to my Kali 32 bit, followed the instructions on that IPPSEC video. Crafted the exploit with the system address, a random exit address and the /bin/sh address in libc. Ran it on my Kali and it spawned a shell. Exited out of that shell and got segmentation fault which is expected as I used a random exit address. So basically to me, everything is working. Now I copy my python exploit to Frolic and when I run it, it does not spawn a shell and crashes with “Segmentation fault (core dumped)”. What am I missing? I know I am really really close :frowning: Please help.

Type your comment> @sportsfreak said:

Really Close: I think I need that final nudge. I copied the binary to my Kali 32 bit, followed the instructions on that IPPSEC video. Crafted the exploit with the system address, a random exit address and the /bin/sh address in libc. Ran it on my Kali and it spawned a shell. Exited out of that shell and got segmentation fault which is expected as I used a random exit address. So basically to me, everything is working. Now I copy my python exploit to Frolic and when I run it, it does not spawn a shell and crashes with “Segmentation fault (core dumped)”. What am I missing? I know I am really really close :frowning: Please help.

I directly followed ippsecs video and got a shell in first try. Can you me which video you watched?

@D4n1aLLL Got root just now. Missed the offset part. Did not watch the video all the way till the end. Big thanks to @humurabbi for asking me to watch the entire video.

Anybody know why this machine is so unstable ? every 5 minutes everything stops responding. Can’t progress efficiently on that machine because of that… :confused:

Oh My God . It was so sucks. I find id**s . I waste more time on Node-red . But I finally find plas on something else. now I can’t login. I try all I found the users and passwords.
need hint. Please PM me. thanks.

edit: login success.