Arkham

Thanks @MinatoTW for a very painful box which made me learn tons of stuff … :smiley: and everyone who has helped me along the way, including @ophelia

Still floundering and stuck at our favourite superhero who, ironically, can do everything in the films but very little on this box! I gather that getting beyond Mr Wayne and on to Administrator probably has something to do with the .b** file and possibly also U**, though I’ve no idea what. Don’t even know what to Google at this point! Any tips?

Boom - got the root flag at last! Thank you so much to various people that helped me on this. Many lessons learnt here, good work @MinatoTW, great box.

If you’re struggling at the final hurdle, return to things you likely enumerated during your first 2 minutes of this challenge - don’t overcomplicate things that don’t need to be overcomplicated!

@19Rich I think that route is unintended, but I may be wrong; anyway, it works.

I can decrypt, encrypt, sign and verify locally. I am failing to inject. Would someone review my approach? I don’t see what I’m doing wrong.

@davidlightman said:

I can decrypt, encrypt, sign and verify locally. I am failing to inject. Would someone review my approach? I don’t see what I’m doing wrong.

Same here as you: I can decrypt the original one, encrypt it again, post it to the page and it works. When I generate my own payload it doesn’t work … can anyone help me? I’m stuck for days :skull:

Check what’s in the original v***e and think about what the server may be expecting before accepting it.
I didn’t get this to work without modifying .j files

There are a lot of payloads you can try but only one of them works. Make sure to try all.

Also any privesc tips?

Ah, makes sense. Thanks.

Got user. Thanks to anyone who helped. Now on to root!

Please help… stuck on elevating by admin (last step)

Got user, would appreciate a pointer in the right direction for privesc.

Rooted. I used the easy way. I’d love to pop a shell. I think I know what to do; I am failing at it. Would someone guide me?

Totally got root… harsh machine!

Rooted.

This box is fantastic. Several interesting concepts involved in a single box. I definitely plan to go back to this box to try alternative ways… :slight_smile:

Many thanks @MinatoTW for this!

Rooted. It was painful but fun.
High quality box.

hashcat currently saying 2 days to crack the b*****.**g with 2xRadeon r290x and Rockyou.txt? Is that right? Or should this be much quicker, or am I simply overlooking something simpler?

@Ripc0rd said:

hashcat currently saying 2 days to crack the b*****.**g with 2xRadeon r290x and Rockyou.txt? Is that right? Or should this be much quicker, or am I simply overlooking something simpler?

As @MinatoTW said: “you can intelligently create a “subset” wordlist from rockyou depending on the box.”

You will spend just 4 minutes to crack it after doing that.

@ElTete said:

@Ripc0rd said:

hashcat currently saying 2 days to crack the b*****.**g with 2xRadeon r290x and Rockyou.txt? Is that right? Or should this be much quicker, or am I simply overlooking something simpler?

As @MinatoTW said: “you can intelligently create a “subset” wordlist from rockyou depending on the box.”

You will spend just 4 minutes to crack it after doing that.

Yup, realised what I should have done once my GPU’s cooled down :-/ live and learn…

Trying to figure out how to combine the secret thing with the other thing to make it readable now…

Sooo… If anyone wants to throw me a bone on how to decode/decrypt the things I have, that would be great. Tried writing something in Python, but failing miserably.