Smasher2

so is B**** Fing the J on the second log** the correct way or does the .s file have the thing in it to get in?

Do you have to bruteforce the second login? Because it’s as brittle as crackers and immediately starts timing out as soon as I start testing against it and have to restart the server.

Edit: I haven’t made it past the second login yet, but based on what I found at another place I don’t think you need to bruteforce it. They probably wouldn’t have given us what they did if you had to.

.

Man… This was a ■■■■ of a challenge… Many, many hours staying up and trying to get it, but with the help of a couple of lovely people on this site, we managed to finally get root! Thanks @dzonerzy and @xG0 for the wild ride, can’t wait for Smasher3!

Type your comment> @n0x90 said:

dzonerzy dropped a hint - I’m sure he won’t mind me sharing: user: admin, password beginning wth C. common.

thanks dzonerzy :heart:

sorry make that an ‘a’, no its DEFINITELY A ‘C’ rockyou baby

Is this true, been rocking it for a long time now…

What a beauty root, love it … truly…
Anyone here to discuss the ways for the user :smiley: ? I’m curious about the methods to get it s:
btw, why this smasher2 box gives no badge ? :open_mouth:
cheers!

Type your comment> @keithschm said:

Type your comment> @n0x90 said:

dzonerzy dropped a hint - I’m sure he won’t mind me sharing: user: admin, password beginning wth C. common.

thanks dzonerzy :heart:

sorry make that an ‘a’, no its DEFINITELY A ‘C’ rockyou baby

Is this true, been rocking it for a long time now…

)It is true but grep for “c” (lowercase c)

Can anyone PM some hints on dissembling the ***.*o file. I am using ghidra but I am new to it and cant seem to find what I am looking for

Root was freaking awesome! Never had to do that before and it was so much fun creating a working exploit! :smiley:

Loved it <3.

what tool did everyone use for the initial brute, seems to be taking forever using metasploit module even using the hint in this forum about grepping “c”

Type your comment> @badman89 said:

what tool did everyone use for the initial brute, seems to be taking forever using metasploit module even using the hint in this forum about grepping “c”

hydra

Would anyone be willing to PM me a nudge for the .*y and .*o file part? I’m slowly understanding them but it’s taking me quite a bit to push onward… Any/all help is welcome and greatly appreciated :slight_smile:

Does anybody have some time and will to give me a nudge to proceed further ?
I worked on .y and not sure if Fla… solution is right path.
Thank you in advance for anything.

Type your comment> @farbs said:

Would anyone be willing to PM me a nudge for the .*y and .*o file part? I’m slowly understanding them but it’s taking me quite a bit to push onward… Any/all help is welcome and greatly appreciated :slight_smile:

stuck at same stage

Wow!! that message “you must think outside the box” is a understatement.

Hints for user: python - Single vs double quotes in JSON - Stack Overflow

Hints for root: Pray.

This one is great fun but I’m stuck :smiley: A nudge in how to get the manager key would be appreciated. Thought I could download the source / ‘that log’ with the data to generate the key in with another call, but so far no joy. Can see the end result, easy to get the local version to work, but need the final piece of the puzzle.

Guess I could brute a bunch of keys with the function from the source and chuck them at the thing?

trying hurder anyway…

Type your comment> @ashr said:

This one is great fun but I’m stuck :smiley: A nudge in how to get the manager key would be appreciated. Thought I could download the source / ‘that log’ with the data to generate the key in with another call, but so far no joy. Can see the end result, easy to get the local version to work, but need the final piece of the puzzle.

Guess I could brute a bunch of keys with the function from the source and chuck them at the thing?

trying hurder anyway…

Hah! NVM! Forgot about the name of the box.

RE: Well i can segfault it but that’s where my skills die…can’t do the python-dbg gdb thing. If there’s another way hook me up. Got about 14 million keys generated, but surely that’s not the way to do this :disappointed:

Type your comment> @johnnyz187 said:

Wow!! that message “you must think outside the box” is a understatement.

Hints for user: python - Single vs double quotes in JSON - Stack Overflow

Hints for root: Pray.

This a good hint for user, but not for root))
Could somebody give a hint for root?

Disappointed with the root, looks like the author copied the second stage from somewhere without modifying it at all.