@Ripc0rd said:
Can anyone throw me a hint on root? Hashcat went through the whole rockyou and turned up blank?
If you have only 1 hash then you’re missing some information on how this app works.
Read about various ways and see how you can produce more than 1 hash.
When you have this you'll get the creds really quick.
got 6 hashes, but still not getting anything back?
Ok, I actually took some time to explore and found out that hashcat expects a slightly different format for the hash depending on the type of encryption and whether a certain feature was used.
See the example hashes (example_hashes [hashcat wiki]) and you'll figure out what you need to change in the hash for hashcat to work as well.
I guess that the creator of the tool didn't care about hashcat.
Finally got root!!
User was a little brainfuck for me since I was new to binary exploitation.
Root: learned about a certain app, thanks to @Ripc0rd, @keyos1, @Kucharskov and @rewks for nudges.
Had problems getting the exploit to work properly despite it being verified by some users. Ended up having to do it manually, and I'd love to know why my original code didn't work if you're up for debugging it with me. PM me.
Finally root!!! What a journey… About 12 hours for user and only about 15 minutes for root… Thx to all the nice people here who helped me immensely in getting user. Special shoutout to @toka, @jimmypw and @Kucharskov. You guys really rock the show!
User:
ippsec has a great video from 2015 about another CTF challenge which helps you a lot!!!
Add the exploit to a file and execute it afterwards. Don’t do it on the fly via cli. This cost me maybe more than 2 hours.
Find a way to exploit via leet port
Leave an entry point
Root:
Everything already said. Everything you’ll need is right in front of you. Maybe the easiest root I’ve ever had!
Feel free to send me a PM, if you need some hints.
I really liked this box at least for the user. Learnt a lot of things about advanced BOF.
The frustrating part is that we could not use the libc leak method remotely (through nc), but locally it works fine.
Of course, since it's an easy box you don't have to go through the libc leak but can just use what is in front of you on m***p, but if you want to extend your skillz I recommend you try the hard method anyway.
Would love to chat with someone who has completed the bin ex. I have it working but I am struggling to understand why it's working. If you have a good understanding of it and can spare a few minutes, please let me know.
Hello,
It is my first time attending any active machine. I couldn't figure out what to do after nmap. I tried logging in to SSH using user & root but it is all password protected. Can anyone PM me the right direction on how to proceed further?
I’m happy to help anyone if you have specific questions about the binex feel free to message me. In the interest of efficiency, though, it will probably be pretty beneficial for both of us if you’ve watched some of the videos or read some of the webpages linked in this post. If you message me saying “any hints for binex” or similar, that’s what I’m going to tell you.
Thanks @deviate, I struggled to find an address where I could write my string, your comment was the last piece I needed to solve the puzzle.
Also, thanks @ecdo for creating an easy box to learn R*P, even though it required a bit of manual labour since ret2libc from the tutorials out there didn't work.