Frolic

Whenever I try to u*p the file, it says "its not a archive. I have taken the base64 code and converted it to hex. After which I created a z file using vi hex mode and pasted the hex code obtained.

But its not working, can someone help? What am i doing wrong?

So I figured out what to do with the second weird strings and got a new one now… ughh stuck on this point. PM me please I need help :frowning:

Type your comment> @positivevibes said:

So I figured out what to do with the second weird strings and got a new one now…

Got me beat, I am still stuck on the second weird string! Could use some advice where to look to figure that one out,please!

need help in prevesc

someone can helpme?
i have one passw or i think this, but no have usr.
and no have more ideas.

Rooted! Very fun BOF exercise at the end too. Finally learned the basics of ROP haha. I’m really conflicted about this box since I didn’t enjoy the process to get user at all… but privesc was incredibly fun!

ok, decoded a bunch of strings to get an index file. But it wont open when I use Cyberchef, and the z.i.p says it has a password when I use another decoder// Very frustrating first box for me. Are all of them like this one?

Rooted. I don’t like those CTF-ish box.
I would not recomand this one to beginners on this website.
Rooted the BoF way, I am super curious to know other ways to root the box. Feel free to PM about that, I would be glad to read your way of rooting it.

Tips for the BoF :

ldd --version will be your friend (then → https://libc.blukat.me/ – scroll down)

If you are stuck, read WU about other standard ret2libc. You can PM me about that also.

Tips for user part :

Google for esoteric languages :wink:

Went from really annoying CTF challenges to pretty basic yet fun privesc.

So I found the baup/ dir and I see what looks to be breadcrumbs to a lp/ that says not authorized. Im trying to figure out how to dig into this but unsure what direction to move in! Any help would be fabs!

Where Oh Where to use these credentials.

Hello, I have idk*********s and enumerated the high http port but found nothing yet, I mean I found 4 dirs (one of them is loop) but found nowhere to use the pass. I’ve also found other service (brazilian dance) but doesn’t seem to be the way.
What am I missing?

I’ve also enumerated subdirs for every dir I’ve mentioned before. I’m stuck now, I’d appreciate any hint or nudge you can give me.
Thank you!

Oh! Almost forgot I also have a pair of creds, usr/pass, found in b****p dir but nowhere to use them.
I’m completely lost.

Edit: Done user! Thank you @clmtn

Hi guys, I have found the two pairs of credentials + the “idk” password.

Have enumerated directories as much as I could, using both Gobuster and Dirb, used different wordlists (for both directories, files) and still can’t find that login page for “ps" that everyone seems to find. I have found the "ps” directory but it just returns a 404 + I have tried to enumerate files and further directories from that one, with no success.

I keep running into those loop directories which are recursive up to a certain point, but I have a feeling that is just a rabbit hole.

Would appreciate a PM on which direction I should go :frowning:

I successfully logged-in p**YS*S.

Now how to get user? can’t able to determine p**YS*S version.

What type of shell I should here i.e bind or reverse.

what interface I need to use i.e eth0 or tun0.

I used metasploit but it starts reverse handler and then it shows “Exploit completed but no sessions was created”.

Please help

Type your comment> @laxudope said:

I successfully logged-in p**YS*S.

Now how to get user? can’t able to determine p**YS*S version.

What type of shell I should here i.e bind or reverse.

what interface I need to use i.e eth0 or tun0.

I used metasploit but it starts reverse handler and then it shows “Exploit completed but no sessions was created”.

Please help

I googled p******S vulns and found a git repo with a usefull script. :wink:

One should always google first, as a rule.

Good Luck!

this box is not frolic at all. regarding user searchsploit p*****s will also help

Took a few days, but finally popped this one. And although enjoyable (Maybe not so much at at the time) it shouldn’t have been the first one I attempted.

rooted :slight_smile: It was made difficult by removing gdb.

Thanks @clmtn for the help.

hint for r*p bof 52 in magic number

Anyone able to gimme a hand for root? Messing with this BOF Now and I’ve made some progress but unsure on where to go from here

EDIT:
Nvm rooted :stuck_out_tongue: Was my first BOF and managed to get it done with no hints. Just lots of research

Can anyone provide some hints? Have decode the …/? and now onto the second one but can’t get it to anything useful.