Safe

@chiefgreek said:

Can’t get binary to run on my machine. Does it have to be x64?

Your Kali must be 64 bit

Just finished this one up and wanted to share my thoughts.

1st: I have no idea why this is an “easy” box. User is not an easy task and offers a steep learning curve for someone who has not done binary exploitation. It is doable but if this is your first time in a debugger, go and take a few tutorials and then take a crack at the reversing challenges here on HTB before you continue.

User: Everything is in the program! I used IDA to look at structure and then ROPgadget to find ROP gadgets. Don’t spend time working on bypassing ASLR, you don’t need to. NX is on, you can’t execute on the stack - for those of you asking why you jump to your code and then it doesn’t work - this is likely the issue.

Root: Fun! Look around when you get a shell and then Google. This is a box on HTB, meaning if it isn’t there by default the authors put it there. Once you get your ducks in a row I recommend hashcat, but JTR works.

Hey can anyone DM me about user? I feel like I’ve got the bin exploit but still receive seg fault. Have a few questions about ROP

I have root pw but no idea where to use it… It looks like it is not working in ssh. Can anyone give me a hint about it, please? Thanks in advance.

EDIT: Got Root!

I would like to discuss the process to get user. I am generally familiar with ROP chains and ret2libc but have a few questions.
Kindly asking for help.

Nice box to start learning this kind of exploit (user part)

Got everything; authenticating as root gives me authentication failure; can someone help?

Spoiler Removed

Root question: used kp2jon to extract the hash, didn’t care about the pictures.
I didn’t think that I needed to use Steghide etc. to do the steganography at first; however, after I used the rockyou dict to try the GPU-exhausting task, it failed.

What am I missing? Thanks a lot!

@garnettk said:

Root question: used kp2jon to extract the hash, didn’t care about the pictures.
I didn’t think that I needed to use Steghide etc. to do the steganography at first; however, after I used the rockyou dict to try the GPU-exhausting task, it failed.

What am I missing? Thanks a lot!

The pictures

Can anyone help me with the master password for kee****? I tried bruteforcing for hours but I didn’t get anything. Please help me.

@azeroth PM me

For how long should we try to crack the hash of KP?! Running for ages with no luck, any suggestions?

I’m thinking of trying to elevate to root using a different approach if possible.

@azeroth said:

Can anyone help me with the master password for kee****? I tried bruteforcing for hours but I didn’t get anything. Please help me.

When you extract the hash, don’t forget the 6 files; you have to add them, then the master key will be obtained quickly.

@Z0d said:

For how long should we try to crack the hash of KP?! Running for ages with no luck, any suggestions?

I’m thinking of trying to elevate to root using a different approach if possible.

Got it!

If anyone has any hints on how to get to root, feel free to message me. I have all of the files. I have run j and H****** on the password file as well as steg bf to try and get the info out of the other files and can’t seem to get anywhere.

Guys any nudges on Binary exploitation of Safe- User? n00b BOF skills

Anyone willing to look over what I have been doing for BOF to give a hint where I might be going wrong for getting user.txt, been trying to get it to work for 6+ hours now…

How do you guys download the .k**x file from the system?