Chainsaw

24

Comments

  • Mind if I dm you? Could use a sense of direction

    @Xentropy said:
    Rooted! What a fun box! Every step taught me something I haven't gotten to do on HTB before. :D

    User: Just use what's in front of you.
    Root: It's still in front of you, but it's no longer related to previous steps. :)

    (There's another step after getting the root account. I'm referring to getting user.txt and root.txt files, not getting a user account or getting a root account.)

  • Not sure how to make the thing "do" something useful. I can set+get - any read how to advance further into the block ?

    image

  • Okay I was able to get SSH access as the one starting with b by feeding stuff to my good friend John and I found two ways to get root. One tedious through the "high thing" foo and one super easy way to bypass this whole ordeal due to the way a certain binary is programmed. (First used the easy method and then the tedious one hoping to get root flag this way...)
    Don't know if the easy path (lol) is intended by the machine author...
    But maybe somebody can point me wtf "R*C" in this newfangled and insecure hipster industry stands for? Google only gives me crappy results when I search for that combined with E******m. Does it somehow relate to the first block?

    image

  • edited June 2019

    any good references on calling functions in W****s? I can connect up, but am lost once it comes to querying and getting results

    edit: nvm, overthinking it

    edit2: any tips for root would be appreciated, stuck on project

  • Type your comment

  • edited June 2019

    Great machine ! Learned a lot about that new fancy technology that John McAfee is talking about all the time.

    image

  • I enjoyed parts of this - other parts were intensely frustrating - all because of my inexperience - but I learned a huge amount - mostly through the help of @darkkilla - who very patiently guided me through the blocks I hit.

    User: already said on the discussion but Python seems more reliable than Node for the first step. Look to the heavens and john to get the flag.

    Root: take the easy path with the binary rather than the longer, well trodden path you took with user. Searching for the root flag - enumerate - or hit me up so I can do my penance for the help I got with this step.

  • I can get the static value set in the contract but if try set it and get afterwards it doesnt change. A nudge would be appreciated, what am I missing to get the set confirmed/actually set/blah.

  • Type your comment> @ashr said:

    I can get the static value set in the contract but if try set it and get afterwards it doesnt change. A nudge would be appreciated, what am I missing to get the set confirmed/actually set/blah.

    Think on service correlated to smart contract (hint: read smart contract name)...

  • Type your comment> @Kebby22 said:

    Type your comment> @ashr said:

    I can get the static value set in the contract but if try set it and get afterwards it doesnt change. A nudge would be appreciated, what am I missing to get the set confirmed/actually set/blah.

    Think on service correlated to smart contract (hint: read smart contract name)...

    I'm sorted, thanks m8. Went through api versioning hell, but got there through an easier method a nice guy suggested \m/

  • hmm... I am pretty much stuck. Everything (including getting root) was straight forward. But now i really don't know what i should try to find. There are definitly some odd things going on, but nothing i looked at seemed to lead to something really "interesting" ...

  • User and "root" went fine, now where is this damn flag!? Scanned trough all files looking for md5 patterns using grep, still no pony. Feel free to PM me , need a nudge!

  • edited June 2019

    For those stuck on the last step... don't slack off and keep trying :)

    will135

  • edited June 2019

    Got the user Flag now try to get root flag !!!
    Edit 1 :- Got root access .......

  • I think this root flag bends a little the rule that the flag have to be inside /root/root.txt ... Well, it is not exactly inside but it is very close.

  • @alamot said:
    I think this root flag bends a little the rule that the flag have to be inside /root/root.txt ... Well, it is not exactly inside but it is very close.

    On the contrary -- no rule is bent technically.

    artikrh

  • Finally got the root flag a big thanks goes to @oztechmuse Again thankuu very much !!

  • edited July 2019

    So a really interesting thing... the .txt is not actually necessary! The value that text file holds is deterministic, so given two values (both of which you have immediately), you can calculate the value! Super cool, kind of wish this was the route instead of just giving away the value. Either way it makes for a beautiful programmatic solution!

  • This box was incredible!!! First time using the foot hold method. Defiantly had some issues regarding the setup of "web3.py" on my side.

    hints for user: write a script of your own using the above method and make sure you have the right functions. There's alot of scripts on github to help you.

    hints for root: there's two ways of doing this. I did it the easy way of finding the right "Path".

  • edited July 2019

    Got root, thanks 2 @oztechmuse for the tip.

    Tip for root: CTF-like and a pain in the ass if you didn't do something alike before or know already what do. Ignore what you have you done till now and get your rubber gloves and scalpel.

  • Without this, I would never knew how to solve that last part. Thanks man! +respect @will135 said:

    For those stuck on the last step... don't slack off and keep trying :)

  • User to root was a little bit too easy imo but I very much enjoyed programming for this as it's something I've never interfaced with before.

    Also, the final step feels too CTFy. I wouldn't have gotten it without the hint from @will135.

  • I wouldn't say this box was easy, there are some clever challenges to this and most steps seemed to require a lot of reading about things I'd never seen before with the occasional gimme and rabbit hole thrown in. Nicely done weaving these into a challenging box and thanks to @stonepresto for the perfect nudge at the end.

  • edited July 2019

    Those hipster apps are sooooo fat!!!
    PS. Got user... It is veeeeeryyyy strange box on the bleeding hipster edge
    PPS. Got root. Me gusta. thanx to @artikrh & @absolutezero

  • I gave this machine a dislike after the root flag idea ...

    Hack The Box

    OSCE | OSCP | CRTE | GPEN | eCPTX | CREST CRT | GDAT | eCPPTv2 | GWAPT | OSWP | ECSA (Practical)

  • Very nice box, except the last piece, over complicating things IMHO. The idea is very fresh and funny to learn.

    • User : There are some APIs to play with it in several languages. After fighting a lot I used R**** IDE and works perfectly. Then, there is a very common vulnerability but with a different approach.
      After that, enumerate a bit and pay attention to some information that is in front of your eyes. It will give you a hint to what to search.

    • Root: The first path is not hard, just need some interaction. After that, the crazy enumeration comes in place. Thanks @oztechmuse to give me a little hint. To make it easier I suggest to pay attention to this two comments:

    @alamot

    I think this root flag bends a little the rule that the flag have to be inside /root/root.txt ... Well, it is not exactly inside but it is very close.

    @will135

    For those stuck on the last step... don't slack off and keep trying

    Congrats @artikrh and @absolutezero :) I enjoyed it

  • Type your comment> @MisterBert0ni said:

    flag

    right in the feels :/
    great box tho, @Leonishan thanks for the hints.

    v1ew-s0urce.flv
  • seems like there was an unintended way to root the box, it was easy af to get root .... still enjoyed the initial foothold! good box

  • This was a fun one, I'd love to see more boxes that use the software involved in this one (particularly user).

    User: Nothing too crazy, but you'll need to chain together some specialized knowledge to make an otherwise common attack vector click.

    Root: Very straight forward, get your h4xsaws out. Once you have root, you're going to have to dig a bit under the flag to find what you want.

Sign In to comment.