AI

User part is funny. A little annoying once you figured out how to do the injection and test the payload but really fun. Thanks @MrR3boot

Rooted!
User part was cool and fun!
Root a bit frustrating, you must enumerate quite well.

Hmm totally stuck on init foothold, how are people getting AI to recognize any symbols/punctuations besides the ones on i********e.p, I only have words so far.
or if this is not even needed to get the required info out of the q
y page

Type your comment> @Vfocfz said:

just I need to know if am I in the right way after playing little bit with the waf I triggered *QL error

same

Type your comment> @zkvo said:

Hmm totally stuck on init foothold, how are people getting AI to recognize any symbols/punctuations besides the ones on i********e.p, I only have words so far.
or if this is not even needed to get the required info out of the q
y page

Pay attention to what is said on i*********e.**p and do some googlefu

@salute101 said:
Type your comment> @Vfocfz said:

just I need to know if am I in the right way after playing little bit with the waf I triggered *QL error

same

yes

Type your comment> @zkvo said:

Hmm totally stuck on init foothold, how are people getting AI to recognize any symbols/punctuations besides the ones on i********e.p, I only have words so far.
or if this is not even needed to get the required info out of the q
y page

In that page, there’s one big hint in the bottom.

Hints:

  • Initial enumeration:
    There’s a page that isn’t linked to that you need to find. Look up the things it references, it’ll really help later.
  • User:
    I guessed some common values here and it worked, there may be a more concrete method.
  • Root:
    Enumerate running processes. Once you find your method, wait. It may take a few minutes to work.

When uploading empty files I get “Our understanding…”; with wav files with simple words (not even trying advanced queries from the intel* table) I don’t get anything at all and most of the time the POST timeouts. Am I using a wrong format (16bit / mono / 8kHz)? Is it a cheap way to make this box difficult? I tried different TTS softwares, this thing just doesn’t work.

Thank you to @0PT1MUS for the hints provided.

My hints for user :

1º You can use TTS, or record yourself with a mic. There are different online TTS services available, but only one worked for me in the end. I would share the name, but apparently it was considered a spoiler in the first page.

As a hint, there’s one demo available by one company Steve Jobs didn’t like that will help you.

2º Enumerate in order to get additional information about the kind of queries you can perform. Don’t forget to pay attention to the references within that page.

3º There’s one word you need that might be split in two after being parsed by the AI. You can either record the word yourself, or replace the R with “her”.

I like the concept of the box, but I struggled with the TTS.

Let’s see about root.

after upload the WAV File i got the error we looking for but Can’t do any other Q**** because of the text-speech translate them by wrong way

I tried AWS Polly without success, totally misunderstood

For user, once you find the particularly smart page, RTFM and google. You will struggle otherwise. lol

Also, go for as high-quality of a male american voice as you can find. I found the (free) ones that were available offline were too poor in quality to succeed here. There are lots of demo high quality text to speech services online for you to use.

User: this is key

@twypsy said:
Thank you to @0PT1MUS for the hints provided.

My hints for user :

1º You can use TTS, or record yourself with a mic. There are different online TTS services available, but only one worked for me in the end. I would share the name, but apparently it was considered a spoiler in the first page.

As a hint, there’s one demo available by one company Steve Jobs didn’t like that will help you.

2º Enumerate in order to get additional information about the kind of queries you can perform. Don’t forget to pay attention to the references within that page.

3º There’s one word you need that might be split in two after being parsed by the AI. You can either record the word yourself, or replace the R with “her”.

I like the concept of the box, but I struggled with the TTS.

Let’s see about root.

Also, try common values.

Very fun user, thx @MrR3boot ! Now going for root

I gotta say, whilst i’m usually a huge fan @MrR3boot boxes. I’m really not liking this one. Whilst it’s a cool piece of stunt-hacking and would be particularly cool to read up about if found in the wild. I just can’t get to grips with it here on HTB. It takes a painfully long time to mess with, is very finicky and even if you know exactly what to do. Meddling with getting output files right makes this extremely tedious to complete.

tl;dr love the idea of this box, I don’t like actually having to do it.

Just my two-cents, I can understand the positive reception among some members entirely.

Type your comment> @mech said:

I gotta say, whilst i’m usually a huge fan @MrR3boot boxes. I’m really not liking this one. Whilst it’s a cool piece of stunt-hacking and would be particularly cool to read up about if found in the wild. I just can’t get to grips with it here on HTB. It takes a painfully long time to mess with, is very finicky and even if you know exactly what to do. Meddling with getting output files right makes this extremely tedious to complete.

tl;dr love the idea of this box, I don’t like actually having to do it.

Just my two-cents, I can understand the positive reception among some members entirely.

I originally shared your opinion, but after having gotten it over and done with I feel pretty good about the box. It’s not too easy or hard and presents some interesting attack vectors. All in all pretty good qualities for a medium-difficulty box. It may not be my favorite of all time but I think objectively the box is well put-together and thought-through and @MrR3boot did a great job executing on the concept. :slight_smile:

@MrR3boot where’s the chocolate box

Hints for root :

  • Enumerate processes.

  • Research about them in order to understand what’s going on.

  • Eventually while researching you will find a vuln. The exploit was unstable for me and it took some time to get it to work. It’s just a matter of trying.

  • I couldn’t get a reverse shell despite trying different methods, so I just went another way.

There’s a reliable way to exploit the root step, but you should look for an alternate exploit for the same vulnerability to do it. After that you just have to trigger it. (hint: 5)