I’m having a hard time finding the “interesting binary” from the lower port. So far I used manual enum or dirb, none of these seem to help me. Could anyone send me a gentle nudge?
Also interested in this… I’m interested in your methodology for finding the binary. Someone told me where it is, and how to get it, but I would have never gotten it on my own. If someone that has found it would kindly msg me with HOW they found it, I’d be very appreciative…
At this point I’m trying various crawlers, but none of them return anything. Is there a better way of finding that file?
you can get it from the normal port
Ok I’m officially an idiot XD Got it, will continue tmr… thanks!!!
Great box IMHO. A great exercise for someone new to binary exploitation like myself. Some advice:
User:
I had trouble finding the correct commands to send what I needed to send to the binary. The “cat” command without a file name reads from stdin. So “(cat payload_file; cat) | ./vulnerable_binary” may be what you need to test your exploit payload.
Root:
The file that stands out - it can be “locked” with more than just a password.
This right here was the key to get my user exploit working. No need to use pwntools, although it does help with converting addresses to little-endian. Set a breakpoint on ret and ni / fin your way through to make sure data is ending up where you expect.
for me it’s just part of my enumeration. i do this (the right-click mentioned previously) for every webpage i encounter. kind of a “leave no stone unturned” or “enumerate twice, exploit once”.
Haha, as it turns out, I missed the green text !!! Thanks for your help…
I’m encountering this kind of challenge for the first time, so I am not able to get a foothold. Would someone please recommend me some resources to get started with? Any specific IppSec videos maybe?
Have a look at IppSec’s Bitterman video.
Does anyone have an idea how I can get hashcat to run in a VM environment when I can’t use GPU? I’ve tried all the results I’ve found online but I still can’t get it to work.
Hashcat is great with a GPU, but if you don’t think you’re going to have access to one soon, I would just use John.
It seems the images are filled with some info. I used steghide and it prompts for a password. It doesn’t have anything to do with the task (root hash already obtained) but just for my curiosity: did anyone crack it? Is it some easter egg? Is it worth cracking or just a rabbit hole?
I was excited to see another ‘easy’ box getting released and the first step is literally custom exploitation and reverse engineering XD
I’ve only been on this site for about a week. Managed to find the reference to the high port, and have no idea how to get this sound-chamber to say what I want.
That’s what I get for picking the box everyone said was easy.