Frolic

Really Close: I think I need that final nudge. I copied the binary to my Kali 32 bit, followed the instructions on that IPPSEC video. Crafted the exploit with the system address, a random exit address and the /bin/sh address in libc. Ran it on my Kali and it spawned a shell. Exited out of that shell and got segmentation fault which is expected as I used a random exit address. So basically to me, everything is working. Now I copy my python exploit to Frolic and when I run it, it does not spawn a shell and crashes with “Segmentation fault (core dumped)”. What am I missing? I know I am really really close :frowning: Please help.

@sportsfreak said:

Really Close: I think I need that final nudge. I copied the binary to my Kali 32 bit, followed the instructions on that IPPSEC video. Crafted the exploit with the system address, a random exit address and the /bin/sh address in libc. Ran it on my Kali and it spawned a shell. Exited out of that shell and got segmentation fault which is expected as I used a random exit address. So basically to me, everything is working. Now I copy my python exploit to Frolic and when I run it, it does not spawn a shell and crashes with “Segmentation fault (core dumped)”. What am I missing? I know I am really really close :frowning: Please help.

I directly followed ippsec’s video and got a shell on the first try. Can you tell me which video you watched?

@D4n1aLLL Got root just now. Missed the offset part. Did not watch the video all the way till the end. Big thanks to @humurabbi for asking me to watch the entire video.

Anybody know why this machine is so unstable? Every 5 minutes everything stops responding. Can’t progress efficiently on that machine because of that… :confused:

Oh my God. It sucked so much. I found id**s. I wasted more time on Node-RED. But I finally found plas on something else. Now I can’t log in. I tried all the users and passwords I found.
Need a hint. Please PM me. Thanks.

edit: login success.

The misc challenges are very helpful for this machine, and I completed all the misc challenges, so I quickly found cert. But I wasted more time finding pl****s. I did a subdirectory scan, but I stupidly appended the path to the subdirectory and got a 404. My god. I know I am on the final step to get user, but why can’t I log in? Ummmmmmmmm. Please PM me.

Can anyone help me with getting user? I have creds I just don’t know what to do with them.
Edit: I got user and root.

If someone else that got root would tell me their approach, I’d be interested.

Rooted!!! Interesting challenge, lots of learning from this box. If you need a hint to do this, please PM me. I’m glad to help, like anyone that helped me to solve it.

Got user

Whenever I try to u*p the file, it says "its not a archive". I have taken the base64 code and converted it to hex. After which I created a z file using vi hex mode and pasted the hex code obtained.

But it’s not working, can someone help? What am I doing wrong?
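
Added example (not part of the original thread, and not any poster's code): one way to check why an archive tool rejects a file rebuilt from base64, assuming the file is a ZIP and the hex was saved as text instead of being converted back to bytes. The sample archive and the function names are constructed for illustration.

```python
import base64
import binascii
import io
import zipfile


def build_sample_b64() -> str:
    """Constructed sample: a one-file ZIP, base64-encoded as a page might show it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("index.txt", "constructed sample content\n")
    return base64.b64encode(buf.getvalue()).decode("ascii")


def describe(data: bytes) -> dict:
    """Report how an archive tool would see these bytes."""
    stream = io.BytesIO(data)
    result = {"magic": data[:4], "is_zip": zipfile.is_zipfile(stream), "encrypted": []}
    if result["is_zip"]:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of the general-purpose flag marks a password-protected entry.
            result["encrypted"] = [
                zi.filename for zi in zf.infolist() if zi.flag_bits & 0x1
            ]
    return result


def compare(b64_text: str) -> dict:
    """Compare three ways of turning the base64 text into a file body."""
    raw = base64.b64decode(b64_text, validate=True)   # the real archive bytes
    hex_text = binascii.hexlify(raw)                  # ASCII digits "504b0304..."
    return {
        "decoded_bytes": describe(raw),
        "hex_pasted_as_text": describe(hex_text),
        "hex_converted_back": describe(binascii.unhexlify(hex_text)),
    }


if __name__ == "__main__":
    for name, info in compare(build_sample_b64()).items():
        print(f"{name:20} magic={info['magic']!r} is_zip={info['is_zip']}")
```

A file that starts with the ASCII characters `504b` instead of the bytes `PK\x03\x04` is hex text, not an archive; decoding the base64 straight to bytes avoids the hex round trip.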

So I figured out what to do with the second weird strings and got a new one now… ughh stuck on this point. PM me please I need help :frowning:

@positivevibes said:

So I figured out what to do with the second weird strings and got a new one now…

Got me beat, I am still stuck on the second weird string! Could use some advice where to look to figure that one out, please!

Need help with privesc

Can someone help me?
I have one password, or I think so, but I have no user.
And I have no more ideas.

Rooted! Very fun BOF exercise at the end too. Finally learned the basics of ROP haha. I’m really conflicted about this box since I didn’t enjoy the process to get user at all… but privesc was incredibly fun!

OK, decoded a bunch of strings to get an index file. But it won’t open when I use CyberChef, and the z.i.p says it has a password when I use another decoder. Very frustrating first box for me. Are all of them like this one?

Rooted. I don’t like those CTF-ish boxes.
I would not recommend this one to beginners on this website.
Rooted the BoF way, I am super curious to know other ways to root the box. Feel free to PM about that, I would be glad to read your way of rooting it.

Tips for the BoF :

ldd --version will be your friend (then → https://libc.blukat.me/ – scroll down)

If you are stuck, read WU about other standard ret2libc. You can PM me about that also.

Tips for user part :

Google for esoteric languages :wink:

Went from really annoying CTF challenges to pretty basic yet fun privesc.

So I found the baup/ dir and I see what looks to be breadcrumbs to a lp/ that says not authorized. I’m trying to figure out how to dig into this but unsure what direction to move in! Any help would be fabs!

Where Oh Where to use these credentials.