Ellingson

Type your comment> @rahul3515 said:

Got the Userā€¦!!

Scratching my head to get the root. I hate binary exploitation.

Can anybody PM me and give me nudge?

You better learn basics of reverse engineering and debugging. I donā€™t think the binary exploitation part requires something much more than basics. So, thatā€™s going to be good for you. Donā€™t rush, FBā€™s been already taken. But thatā€™s only an advice, do whatever you like to.

I have shell access decrypted passwords no luck. Any help would be good :slight_smile:

Got an exploit working locally but when i try to exploit remotely cant seem to get it to work for root, if someone could send me a PM

so i have p**** int access, able to to view files, move directories, upload files, I still canā€™t manage to get a shell to pop back. I was wondering if i needed to continue with this path or if I should be attempting to access more legitimately on the lower port.

what an awesome box, i have learned a ton, i finally got user and now i am on to root.

Just got started - enumeration still going; found W***z**g while doing stuff manually is this the right path? Can we get RCE this way through debug or do I need to look harder at some errors? :slight_smile:

EDIT: Yup, now have shell as technoweenie, working on getting user. Canā€™t seem to find anything pertinent to privesc. I must be missing something. Iā€™ve run a few enumeration scripts and monitored processes to no avail. :confused:

EDIT 2: Well I got user.txt from the one with the God complex. Iā€™ve seen g****** and b***** e*********** mentioned in this thread much to my chagrin. I might give it a crack when Iā€™m feeling up to it. Thanks @Dmwong for the hint

as iam getting a lot of dmā€™s I would advice everyone to learn basic rop and not rush for the root, this video by ippsec may also help you - Camp CTF 2015 - Bitterman - YouTube

just started the machineā€¦ i am lost, donā€™t have clue how to start, any leads would be appreciated. Thanks

@gokuKaioKen said:
hmmmā€¦ found a traceback

how ?

Am i the only one who has problem with the machine timing out like every 3 mins.

hey all, im this initial user on first getting a shell. i know what privs that user has got but cant seem to find anything useful in /var/****. am i supposed to be waiting for a scheduled event to occcur?

Need help on user. Managed to get on the system, now I canā€™t manage to find anything interesting besides a couple of hashes which decrypted donā€™t seem to work and also an executable thatā€™s needed for root though. DM pleaseā€¦

The path to root Is only by binary analysis?

Type your comment> @Hobbot said:

Am i the only one who has problem with the machine timing out like every 3 mins.

Itā€™s probably users that are getting banned before they read the warning about being banned so they reboot the box.

Need help with user. Iā€™ve got a shell on the box but i donā€™t know i to proceed.
I ran a couple of scripts but i canā€™t find anything. Also tried pspy but not seems right direction.
Any hints?

My god this box made me discover ā€œpedaā€ ā€“ after spending so much time fuzzing manually lol. Such a cool box! Congrats to the maker!

Hi, I am working on the binary exploitation and I made a working exploit but for some reason it doesnā€™t work on the box. I have the libc from the box and I get gadgets from it. I donā€™t really know what Iā€™m doing wrong. If someone is willing to give me some hints please do!
Thank you and if I this is a spoiler please tell me to take it down.

Type your comment> @sarange said:

Hi, I am working on the binary exploitation and I made a working exploit but for some reason it doesnā€™t work on the box. I have the libc from the box and I get gadgets from it. I donā€™t really know what Iā€™m doing wrong. If someone is willing to give me some hints please do!
Thank you and if I this is a spoiler please tell me to take it down.

pm me

rooted ā€¦ that rop fucking ate me alive

The g****** file. I canā€™t run it, not user yet. But on my box, when I put in, a thousand chars (roughly), it just launches my command (AAAAAAmycommand). Is it really going to be that easy?