Chainsaw

Anyone have any advice on how to “mine deeper”?

@darkkilla said:

@lyak said:

@darkkilla you have everything you need in the user’s folder

Are you referring to something from outer space with 4 letters in it? I was blind… lol

You bet he is, you are on the right track

Anyone have a hint on initial foothold? I've connected to *810 a few different ways, one through Re*** IDE, through G**h. Read up on W**3 and all the commands but I can't seem to make anything happen up there worth mentioning.

Update: Make sure the address has not changed!

Yea same for me. One thing to learn a new concept in a day, and completely another thing to find a working exploit on it. Day 2 onwards!

@frankx said:
Anyone have a hint on initial foothold? I've connected to *810 a few different ways, one through Re*** IDE, through G**h. Read up on W**3 and all the commands but I can't seem to make anything happen up there worth mentioning.

Well I am still blind as a bat I guess. I dumped the contents of the thing from outer space (and also I copied everything I had read access to my local machine… basically rsyncing the “whole” machine… still working on a way to remove everything from that ton of files/folders that is native / unmodified to the real OS and sifting through the remaining stuff), found the counterparts to the files found somewhere else but the counterparts are encrypted. I can’t seem to find the place where I should get the passphrase from… again I definitely don’t want to try and throw wordlists at the files… which would be a last resort. There are files in /tmp I tried reading but from what I say they got created while getting the initial foothold when sending transactions. So far this machine has been my Kryptonite. The only thing I could imagine would be using some sort of “ID” to get data from the two services but then again: The one service apparently has only the first block with nothing of value in it and the other one only has stuff which is related to my own activities. I also found something listening on UDP on a particular port but I think it’s related to the outer space thingy… which would mean that anything I could find on that port would somehow also be present in the files.

@darkkilla said:
Well I am still blind as a bat I guess. I dumped the contents of the thing from outer space (and also I copied everything I had read access to my local machine… basically rsyncing the “whole” machine… still working on a way to remove everything from that ton of files/folders that is native / unmodified to the real OS and sifting through the remaining stuff), found the counterparts to the files found somewhere else but the counterparts are encrypted. I can’t seem to find the place where I should get the passphrase from… again I definitely don’t want to try and throw wordlists at the files… which would be a last resort. There are files in /tmp I tried reading but from what I say they got created while getting the initial foothold when sending transactions. So far this machine has been my Kryptonite. The only thing I could imagine would be using some sort of “ID” to get data from the two services but then again: The one service apparently has only the first block with nothing of value in it and the other one only has stuff which is related to my own activities. I also found something listening on UDP on a particular port but I think it’s related to the outer space thingy… which would mean that anything I could find on that port would somehow also be present in the files.

Sometimes it has to be:

But you sound to be definitely on the right track

Rooted! What a fun box! Every step taught me something I haven’t gotten to do on HTB before. :smiley:

User: Just use what’s in front of you.
Root: It’s still in front of you, but it’s no longer related to previous steps. :slight_smile:

(There’s another step after getting the root account. I’m referring to getting user.txt and root.txt files, not getting a user account or getting a root account.)

Any hints for that final last step as that is where I am up to, not sure where/how to ‘mine deeper’ so to speak.
Thanks in advance

Mind if I dm you? Could use a sense of direction

@Xentropy said:
Rooted! What a fun box! Every step taught me something I haven’t gotten to do on HTB before. :smiley:

User: Just use what’s in front of you.
Root: It’s still in front of you, but it’s no longer related to previous steps. :slight_smile:

(There’s another step after getting the root account. I’m referring to getting user.txt and root.txt files, not getting a user account or getting a root account.)

Not sure how to make the thing “do” something useful. I can set+get - any read how to advance further into the block?

Okay I was able to get SSH access as the one starting with b by feeding stuff to my good friend John and I found two ways to get root. One tedious through the “high thing” foo and one super easy way to bypass this whole ordeal due to the way a certain binary is programmed. (First used the easy method and then the tedious one hoping to get root flag this way…)
Don’t know if the easy path (lol) is intended by the machine author…
But maybe somebody can point me wtf "RC" in this newfangled and insecure hipster industry stands for? Google only gives me crappy results when I search for that combined with E*****m. Does it somehow relate to the first block?

any good references on calling functions in W****s? I can connect up, but am lost once it comes to querying and getting results

edit: nvm, overthinking it

edit2: any tips for root would be appreciated, stuck on project


Great machine! Learned a lot about that new fancy technology that John McAfee is talking about all the time.

I enjoyed parts of this - other parts were intensely frustrating - all because of my inexperience - but I learned a huge amount - mostly through the help of @darkkilla - who very patiently guided me through the blocks I hit.

User: already said on the discussion but Python seems more reliable than Node for the first step. Look to the heavens and john to get the flag.

Root: take the easy path with the binary rather than the longer, well trodden path you took with user. Searching for the root flag - enumerate - or hit me up so I can do my penance for the help I got with this step.

I can get the static value set in the contract, but if I try to set it and get afterwards it doesn't change. A nudge would be appreciated, what am I missing to get the set confirmed/actually set/blah.

@ashr said:

I can get the static value set in the contract, but if I try to set it and get afterwards it doesn't change. A nudge would be appreciated, what am I missing to get the set confirmed/actually set/blah.

Think on service correlated to smart contract (hint: read smart contract name)…

@Kebby22 said:

@ashr said:

I can get the static value set in the contract, but if I try to set it and get afterwards it doesn't change. A nudge would be appreciated, what am I missing to get the set confirmed/actually set/blah.

Think on service correlated to smart contract (hint: read smart contract name)…

I’m sorted, thanks m8. Went through api versioning ■■■■, but got there through an easier method a nice guy suggested \m/

Hmm… I am pretty much stuck. Everything (including getting root) was straightforward. But now I really don’t know what I should try to find. There are definitely some odd things going on, but nothing I looked at seemed to lead to something really “interesting” …

User and “root” went fine, now where is this ■■■■ flag!? Scanned through all files looking for md5 patterns using grep, still no pony. Feel free to PM me, need a nudge!