Safe


Comments

  • @smaxs said:

    Hi, I got stuck on this one, do I have to use a BoF?!?!

    I noticed when I send a long value to the port I don't get the response I usually get there...
    but I have no clue how I can get the binary... to create an exploit...

    Maybe someone can push me a little bit in the right direction.

    thx

    I am also thinking about the same... Also downloaded the binary on my local system and used the same one you are talking about, and also experienced what the BoF gives... still thinking about it.

  • @smaxs said:

    Hi, I got stuck on this one, do I have to use a BoF?!?!

    I noticed when I send a long value to the port I don't get the response I usually get there...
    but I have no clue how I can get the binary... to create an exploit...

    Maybe someone can push me a little bit in the right direction.

    thx

    I'm stuck here as well :( Looks like a BoF, but where to get the bin???

  • @kckriega said:

    I'm stuck here as well :( Looks like a BoF, but where to get the bin???

    Hope this comment helps you to get the binary...

    @opt1kz said:

    @Ketil said:

    Would anyone mind dropping some names of techniques which I must have overlooked.

    Turn off 90% of your brain and just right-click.

    v1p3r0u5
    If you need some help => 1) Your findings so far? 2) Your conclusions? 3) Your further ideas?
    RESPECT++ if I was able to help you! => https://www.hackthebox.eu/home/users/profile/139772

  • @v1p3r0u5 said:

    @kckriega said:

    I'm stuck here as well :( Looks like a BoF, but where to get the bin???

    Hope this comment helps you to get the binary...

    @opt1kz said:

    @Ketil said:

    Would anyone mind dropping some names of techniques which I must have overlooked.

    Turn off 90% of your brain and just right-click.

    Thanks. Heading over to the shame corner.

  • @kckriega said:

    Thanks. Heading over to the shame corner.

    Never mind. Maybe you will have more success with the following part than me. Good luck!

    v1p3r0u5

  • Hey all, has anyone had any joy getting the seg fault to happen within gdb? I keep getting "Warning: not running or target is remote".

  • Any hints for root? Stuck at it for a long time. Tried breaking the hash, but nothing!

  • edited July 28
    rooted
    user is not that hard if you have experience in similar challenges.
    root was brainf**k for me.

    toka

  • Rooted.

    Having binary exploitation usually makes me give the box an automatic like; however, the rest of this box is pretty bad. I can now see why this box has such bad ratings.

    For user: The source is your friend. Once you get it, remember why this box is rated easy: You don't need to go through the entire ret2libc-leak-calculate process. If system's provided to you, but you don't have the shell string, maybe it's possible to provide one yourself?

    For root: Just using k******2j*** won't work. One of the images needs to be used in conjunction with it.

    Thanks to @snowscan and @xdaem00n for your help!

  • I have my exploit working locally on my host, but it doesn't work on the remote server... Can anyone give me some hints in DM? Thanks...

  • @MrR3boot said:

    How did this box even get approved? Wasted my precious time today on this. It's simply a copy of previous ones...

    we were thinking the same thing...

  • User:
    - If people are struggling with running the binary with peda - peda sets follow-fork-mode to child whereas vanilla gdb has it as parent by default. You may wish to sed -i 's/follow-fork-mode child/follow-fork-mode parent/g' ~/peda/peda.py (or wherever your peda is located).
    - Everything you need is contained within the binary itself.

    Root:
    - I'm sure you don't need a hint to find the correct vector.
    - When you use the right things, it shouldn't take long at all to get a result.

  • @rewks said:

    - If people are struggling with running the binary with peda - peda sets follow-fork-mode to child whereas vanilla gdb has it as parent by default. You may wish to sed -i 's/follow-fork-mode child/follow-fork-mode parent/g' ~/peda/peda.py (or wherever your peda is located).

    Lifesaver, been trying to troubleshoot that forever..

  • I haven't done a BOF before. What would be a good first timer tutorial that covers what I need to know for this box? (Feel free to PM instead of posting here if it's spoiler-ish).

  • edited July 29

    Rooted. Didn't like this box at all -- almost wondering how it even got selected in the first place? Feels like a repeat of another box cough (some will know which I'm referring to).

    Anyways, hints:

    user
    As others have been saying, provide your own shell for yourself. Once you find what you are looking for and break it down, you'll be able to understand how to get your shell. Don't read too deep into the binary.

    root
    Check out what is already given to you. Enumerate it. What is it? What can you do with something like this? This step is extremely CTF-like. Run through each, carefully. You'll know what to do in the end. Afterwards, give yourself a fully interactive shell and make the switch.

    defarbs.com - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • just rooted. not a bad box.

    hints for user: make sure to inspect the binary to see what's provided.

    hints for root: focus on the tool and what you have in front of you, don't "over-enumerate", it's pretty fast if you're doing the right thing.

    pm for hints

  • @kckriega said:
    > @v1p3r0u5 said:
    >
    > @kckriega said:
    >
    > I'm stuck here as well :( Looks like a BoF, but where to get the bin???
    >
    > Hope this comment helps you to get the binary...
    >
    > @opt1kz said:
    >
    > @Ketil said:
    >
    > Would anyone mind dropping some names of techniques which I must have overlooked.
    >
    > Turn off 90% of your brain and just right-click.
    >
    > Thanks. Heading over to the shame corner.

    and here I was turning my brain on... thanks for the tip :)

  • @hva said:

    I haven't done a BOF before. What would be a good first timer tutorial that covers what I need to know for this box? (Feel free to PM instead of posting here if it's spoiler-ish).

    me too

  • Still learning about BOF, any retired boxes anyone can recommend for me to practice and make use of the VIP service? Feel free to PM me. That's the best way I learn: trying to use the retired boxes and learning as I go with hints from the writeups.

  • The box is clearly inspired by BigHead.

    limbernie
    Write-ups of retired machines

  • @farbs said:

    Rooted. Didn't like this box at all -- almost wondering how it even got selected in the first place?

    Anyways, hints:

    user
    As others have been saying, provide your own shell for yourself. Once you find what you are looking for and break it down, you'll be able to understand how to get your shell. Don't read too deep.

    root
    Check out what is already given to you. Enumerate it. What is it? What can you do with something like this? This step is extremely CTF-like. Run through each, carefully. You'll know what to do in the end. Afterwards, give yourself a fully interactive shell and make the switch.

    Thanks, you're a great help to the community and I've respected your profile; if I could, I'd respect it twice.

    v1ew-s0urce.flv
  • Does anyone know of a decent tutorial for the R** side of things? I've done BoF before but only 32-bit and no R**. Need a decent tutorial/resource to get up to speed :)

  • Foothold:
    nmap it, make sure to scan all ports. Focus on port 80, try to see things behind the scenes, and something will make sense to you.
    User:
    a great way to learn a little about the topic; once you're done with the exploit, address it to the "leet" port.
    Root:
    no python or netcat, but you still can get something nice out of ssh. Focus on the home directory, it has all the files needed to get root. Google about the database type, try to find attack vectors and then read --help, maybe there's an option to pass something you already have in addition.
    It will all make sense after that; remember that this is a CTFish box, so clues might be hidden.
    Overall a great box to step into R** and exploitation, nothing more than that.

    v1ew-s0urce.flv
  • edited July 29
    1st easy box I cannot complete, figured out pretty fast there is a bof on high port. Will try to read up but will most probably dump this box.

    Later edit: Can someone please confirm this is ROP related?
  • @seke said:

    1st easy box I cannot complete, figured out pretty fast there is a bof on high port. Will try to read up but will most probably dump this box.

    Later edit: Can someone please confirm this is ROP related?

    Yes.

  • need a hint on user, thanks...

  • Got a working exploit for local but it does not work remote - I need to check if I can do better. My local exploit uses a stack address, but I guess I can find a better way.

  • Boing! At least user!

  • Was stuck for a little bit trying to make the binary exploit work, make sure you pay attention to the calling conventions when jumping to the calls you want to use. If you can't find info on proper calling conventions just run the program in gdb and see how they are regularly used. Take note of registers used and if information needs to be passed as pointers.

  • I was excited to see another 'easy' box getting released and the first step is literally custom exploitation and reverse engineering XD
