Chainsaw

@artikrh said:

Something changes every time the box is reset. I think you’re missing that bit.

Absolutely right. At first I tried a different method, restarted the box and never thought it’d change… Ugh… thanks.

Does the next step involve bruting user b****'s s** pk in hope I can generate his pr****k** too?

Rooted. The only thing that I didn’t enjoy about this machine was User (but it wasn’t by any means hard) because of that trendy postmodern decentralized will-end-you-all fluff (don’t want to spoil it for others). I really, really enjoyed the last part of Root though. Thanks to the creators!

If anyone is wondering about using python for the initial foothold, the W**3 module has built-in accounts you can use to send t****s, or you can get test accounts from Rx online IDE. But you’ll need an account or eth-address or whatever it’s called to make it work for python or just use Rx.

Stellar Machine 5/5. Really educational, informative and fun. An expert machine, but neither totally hard nor brainfuck. A few red herrings (like a certain pair of hardcoded creds) here and there and lots of RTFM, but neither feel forced. I was going to give it a 4/5 because of the root.txt part, but the real world scenarios that come into play on this machine really make it stand out against the rest. Here are my tips for this machine.

FOOTHOLD:
You’ll find some easy loot on a service admins usually leave open to anons. Read up on smart contracts and the python or node module used to interact with e******m nodes (there’s a good link on the first page from dapp university). Look at the name of the smart contract to get an idea as to what this smart contract might do on the machine and how a common exploit can be attached to this vulnerable function/command.

USER:
Not much enum is needed, look for a service from outerspace that connects the planets. Then you can use the cli to leak data from this service. Use some of the info about employees to locate the relevant data, then you might need to call up john for the secret.

ROOT:
This is actually 2.5 parts. The easiest, as others mentioned, is a certain obvious binary that is programmed dangerously. There are some hints in the binary as to what the dangerous part is and you’ll need to compile your own exploit to exploit the dangerous part in the binary. Or you can use the second smart contract. Just remember if you go the smart contract route, you’ll need to first understand how users are created and how passwords are usually protected in databases. The hardcoded creds should give you a hint on the protection used. After you sign up and sign in to the binary, you’ll need to play around with the functions and when you get it to do something that confuses it, you’ll pop what you need to pop.

ROOT.TXT
This is the other .5 part. The hint given in the file is rubbish, but there are good tips already on this forum. My 2 cents: don’t slack off while looking into empty space.

GL!

Hello, I’m trying to interact with the contract but if I use an account I have created, I have not enough funds to send Tx… and if I use the address of anyone else the sender account is not recognized… Someone can help me plz?

@MrB33n said:

Hello, I’m trying to interact with the contract but if I use an account I have created, I have not enough funds to send Tx… and if I use the address of anyone else the sender account is not recognized… Someone can help me plz?

You do not need funds

.

Got root! Nice box. All hints already in forum thread.

johny johny yes papa cracking hashes no papa telling lies no papa open your terminal Ah, ah, ah! For how long we should wait for user!?

Frustrating, but interesting box. I learnt a lot!

I’m not able to crack user hash? Any hint will be helpful, thanks.

@Z0d said:

I’m not able to crack user hash? Any hint will be helpful, thanks.

If you use the rock, the hash should unravel pretty easily.

@zard said:

@Z0d said:

I’m not able to crack user hash? Any hint will be helpful, thanks.

If you use the rock, the hash should unravel pretty easily.

I did the rock with two different tools and got nothing, maybe I’m missing something

@Z0d said:

I did the rock with two different tools and got nothing, maybe I’m missing something

I think you are headed for the wrong ‘hash’ since you are referring to a “user hash”. By the way, I would recommend using the “Jumbo” (a.k.a community-driven) version of JTR for any conversion and cracking process; much better and efficient – when you find the correct path, that is.

@artikrh said:

@Z0d said:

I did the rock with two different tools and got nothing, maybe I’m missing something

I think you are headed for the wrong ‘hash’ since you are referring to a “user hash”. By the way, I would recommend using the “Jumbo” (a.k.a community-driven) version of JTR for any conversion and cracking process; much better and efficient – when you find the correct path, that is.

The hash from that outerspace service, right? Which executed and found in some l**s.

This box was great fun and I learned some new methods. I just have one question if anyone can help me out. I used the hints here to get the root hash because I don’t know that my normal methods of enumeration would have led me to the solution. For future reference, what method would have led me down the eventual correct path? Thanks all.

I’m sure I have the correct hash for user ob* but couldn’t crack it. Any help would be appreciated, thanks.

Could anyone give me a hint on b** user? I got shell as a** user, found something $6$ but it did not work for me. PM please.

Someone can message me for hints plz?? I am trying hard.

@MrB33n said:

Someone can message me for hints plz?? I am trying hard.

Where are you stuck at?