Chainsaw

I gave this machine a dislike after the root flag idea …

Very nice box, except the last piece, overcomplicating things IMHO. The idea is very fresh and funny to learn.

  • User: There are some APIs to play with it in several languages. After fighting a lot I used R**** IDE and it works perfectly. Then, there is a very common vulnerability but with a different approach.
    After that, enumerate a bit and pay attention to some information that is in front of your eyes. It will give you a hint to what to search.

  • Root: The first path is not hard, just need some interaction. After that, the crazy enumeration comes in place. Thanks @CyberMnemosyne for giving me a little hint. To make it easier I suggest paying attention to these two comments:

@alamot

I think this root flag bends a little the rule that the flag has to be inside /root/root.txt … Well, it is not exactly inside but it is very close.

@will135

For those stuck on the last step… don’t slack off and keep trying

Congrats @artikrh and @absolutezero :slight_smile: I enjoyed it

@MisterBert0ni said:

flag

right in the feels :confused:
great box tho, @Leonishan thanks for the hints.

Seems like there was an unintended way to root the box, it was easy af to get root … still enjoyed the initial foothold! Good box.

This was a fun one, I’d love to see more boxes that use the software involved in this one (particularly user).

User: Nothing too crazy, but you’ll need to chain together some specialized knowledge to make an otherwise common attack vector click.

Root: Very straightforward, get your h4xsaws out. Once you have root, you’re going to have to dig a bit under the flag to find what you want.

Really enjoyed this box and learned a few new things. PM for hints.

Really learned about slack space in this one. Thanks @naveen1729 for the final tip

@will135 said:
For those stuck on the last step… don’t slack off and keep trying :slight_smile:

For a beginner with W3 and E*** could anyone please help with how to begin with interacting with the high port? PMs are also welcome

@rowra said:

For a beginner with W3 and E*** could anyone please help with how to begin with interacting with the high port? PMs are also welcome

I got the setter and getter working, I can set and then get what I set before. I just have zero idea what the payload should be. I tried obvious things but none did anything :frowning: Nudges either here or pm welcome! thanks

At this point I’m rather certain I’m not doing anything wrong. I’ve discussed my script and my payload with multiple persons and it’s right. Yet nothing at all happens, can’t get a http request sent towards me or a revshell.
Clueless at this point… any idea? Anyone that can re-re-recheck my syntax? Thanks

@rowra said:

At this point I’m rather certain I’m not doing anything wrong. I’ve discussed my script and my payload with multiple persons and it’s right. Yet nothing at all happens, can’t get a http request sent towards me or a revshell.
Clueless at this point… any idea? Anyone that can re-re-recheck my syntax? Thanks

Something changes every time the box is reset. I think you’re missing that bit.

Finally, I got the root access and found the root flag. To find the root flag is somewhat out of real world scenarios.

@artikrh said:

Something changes every time the box is reset. I think you’re missing that bit.

Absolutely right. At first I tried a different method, restarted the box and never thought it’d change… Ugh… thanks.

Does the next step involve bruting user b****'s s** pk in hope I can generate his pr****k** too?

Rooted. The only thing that I didn’t enjoy about this machine was User (but it wasn’t by any means hard) because of that trendy postmodern decentralized will-end-you-all fluff (don’t want to spoil it for others). I really, really enjoyed the last part of Root though. Thanks to the creators!

If anyone is wondering about using python for the initial foothold, the W**3 module has builtin accounts you can use to send t****s, or you can get test accounts from Rx online IDE. But you’ll need an account or eth-address or whatever it’s called to make it work for python or just use Rx.

Stellar Machine 5/5. Really educational, informative and fun. An expert machine, but neither totally hard nor brainfuck. A few red herrings (like a certain pair of hardcoded creds) here and there and lots of RTFM, but neither feel forced. I was going to give it a 4/5 because of the root.txt part, but the real world scenarios that come into play on this machine really make it stand out against the rest. Here are my tips for this machine.

FOOTHOLD:
You’ll find some easy loot on a service admins usually leave open to anons. Read up on smart contracts and the python or node module used to interact with e******m nodes (there’s a good link on the first page from dapp university). Look at the name of the smart contract to get an idea as to what this smart contract might do on the machine and how a common exploit can be attached to this vulnerable function/command.

USER:
Not much enum is needed, look for a service from outer space that connects the planets. Then you can use the cli to leak data from this service. Use some of the info about employees to locate the relevant data, then you might need to call up john for the secret.

ROOT:
This is actually 2.5 parts. The easiest, as others mentioned, is a certain obvious binary that is programmed dangerously. There are some hints in the binary as to what the dangerous part is and you’ll need to compile your own exploit to exploit the dangerous part in the binary. Or you can use the second smart contract. Just remember if you go the smart contract route, you’ll need to first understand how users are created and how passwords are usually protected in databases. The hardcoded creds should give you a hint on the protection used. After you sign up and sign in to the binary, you’ll need to play around with the functions and when you get it to do something that confuses it, you’ll pop what you need to pop.

ROOT.TXT
This is the other .5 part. The hint given in the file is rubbish, but there are good tips already on this forum. My 2 cents: don’t slack off while looking into empty space.

GL!

Hello, I’m trying to interact with the contract but if I use an account I have created, I do not have enough funds to send Tx… and if I use the address of anyone else the sender account is not recognized… Can someone help me plz?

@MrB33n said:

Hello, I’m trying to interact with the contract but if I use an account I have created, I do not have enough funds to send Tx… and if I use the address of anyone else the sender account is not recognized… Can someone help me plz?

You do not need funds

Got root! Nice box. All hints already in forum thread.