Same, found username and password, but failed to log in, wtf
Succeeded in logging in, but I don't know what characters I see in the page LoL
with found creds??
If you enumerate more, you would find some creds, but you will be disappointed when you succeed in logging in; only weird characters are found.
> @x00byte said:
Any hints for this new box?
Comments
Rooted. I don't like those CTF-ish boxes.
I would not recommend this one to beginners on this website.
Rooted the BoF way, I am super curious to know other ways to root the box. Feel free to PM about that, I would be glad to read your way of rooting it.
Tips for the BoF:
ldd --version will be your friend (then -> https://libc.blukat.me/ -- scroll down)
If you are stuck, read WU about other standard ret2libc. You can PM me about that also.
Tips for user part:
Google for
esoteric languages
OSCP
Twitter : https://twitter.com/N0Fix | CTF team website : https://sentrywhale.com/
Went from really annoying CTF challenges to pretty basic yet fun privesc.
So I found the baup/ dir and I see what looks to be breadcrumbs to a lp/ that says not authorized. I'm trying to figure out how to dig into this but unsure what direction to move in! Any help would be fabs!
Where Oh Where to use these credentials.
Hello, I have idk*********s and enumerated the high http port but found nothing yet, I mean I found 4 dirs (one of them is loop) but found nowhere to use the pass. I've also found another service (brazilian dance) but it doesn't seem to be the way.
What am I missing?
I've also enumerated subdirs for every dir I've mentioned before. I'm stuck now, I'd appreciate any hint or nudge you can give me.
Thank you!
Oh! Almost forgot I also have a pair of creds, usr/pass, found in b****p dir but nowhere to use them.
I'm completely lost.
Edit: Done user! Thank you @clmtn
Hi guys, I have found the two pairs of credentials + the "idk" password.
Have enumerated directories as much as I could, using both Gobuster and Dirb, used different wordlists (for both directories, files) and still can't find that login page for "p****s" that everyone seems to find. I have found the "p****s" directory but it just returns a 404 + I have tried to enumerate files and further directories from that one, with no success.
I keep running into those loop directories which are recursive up to a certain point, but I have a feeling that is just a rabbit hole.
Would appreciate a PM on which direction I should go
I successfully logged in to p**YS*S.
Now how do I get user? I'm not able to determine the p**YS*S version.
What type of shell should I use here, i.e. bind or reverse?
What interface do I need to use, i.e. eth0 or tun0?
I used metasploit but it starts reverse handler and then it shows "Exploit completed but no sessions was created".
Please help
> @laxudope said:
I googled p******S vulns and found a git repo with a useful script.
One should always google first, as a rule.
Good Luck!
This box is not frolic at all. Regarding user, searchsploit p*****s will also help.
Twitter: https://twitter.com/0x4242 | Web: http://0x4242.net
Took a few days, but finally popped this one. And although enjoyable (maybe not so much at the time) it shouldn't have been the first one I attempted.
rooted
It was made difficult by removing gdb.
Thanks @clmtn for the help.
hint for r*p bof 52 in magic number
Anyone able to gimme a hand for root? Messing with this BOF Now and I've made some progress but unsure on where to go from here
EDIT:
Nvm rooted :P Was my first BOF and managed to get it done with no hints. Just lots of research
Can anyone provide some hints? Have decoded the ../? and now onto the second one but can't get it to anything useful.
I decoded .!? not sure how to go about the next one. Can someone PM me with some hints?
Can someone give me some hints? I got one username and password from /baup and two logins, but they don't work. I know it has p****ms. Plz PM me. I didn't find anything in s.
> @B1ngDa0 said:
Decode "!.?." and use it in p****ms for user.
Look carefully in JS, use that for login in n**x, then look for subdirs. You may find something useful in "sub sub" directory.
i get a weird behavior from meterpreter - can anyone help please?
Rooted, I got user 3 months ago.
Left root for a while, but read a lot and learned what it takes to own it.
It was very good practice. Feel free to PM if you need help, no spoilers, I will give you the methods that led me to it.
I'm trying to exploit the r*p binary.
I've already read all this that was posted here:
http://codearcana.com/posts/2013/05/28/introduction-to-return-oriented-programming-rop.html
https://stackoverflow.com/questions/19124095/return-to-lib-c-buffer-overflow-exercise-issue
https://www.shellblade.net/docs/ret2libc.pdf
Also watched ippsec video.
I can't make it work so I have a few questions:
1- Did you copy the binary to your own box to disas it? I think it's not necessary since I have the addr and offsets.
2- Did you have to build a new binary? I don't think it's necessary either.
3- My reverse shell is a bit limited and doesn't have all the output, can this be my problem? What did you do?
I'm a bit lost. The idea is really simple and I knew this technique before.
I hope there are no spoilers in this message, all the info posted here was mentioned before in the thread.
Any advice would be appreciated.
@epsequiel have a look at the IppSec October video
> @laxudope said:
Sry, I didn't find the "!.?."
Can u PM me and tell me more? Plz
> @B1ngDa0 said:
I've sent you a PM.
> @RyanW18 said:
I already watched it. Tried his method but still nothing.
I've got addr with ld* and offsets with st****s.
> @epsequiel said:
It does work :P Try again
> @banteng999 said:
I am stuck where none of the credentials are working and the decoded values do not make sense. So any further help please.
I cracked the zip and got ind***p but I don't know how to decode it. Can u tell me?
> @RyanW18 said:
Ok, thank you! This is getting me mad.
Perhaps the problem is the way I got shell.
EDIT: IT WAS WORKING! The problem was my shell. I was using a sploit I got on github but it seems it's not 100% functional.
I used metasploit and it worked on the first try. So much time lost....
Thanks for the help!
EDIT2: I can't replicate the results. GrRRRRRrRRR!!!
Flew through this box once I got the first coded block. Not a fan of the CTF stuff at first, but root was fantastic. Don't have a lot of BOF experience so learning how to do it really helped me understand the process a lot. Thanks for this challenge sahay!