AI

Mr robot’s boxes always suck. This one is no exception.

I have found the error and am working on generating the query. My tool for this seems to be quite unreliable. Can anyone help me in the right direction? I am running osx and kali, not windows :wink: pls PM if you know of any better tools than g…-c…

Can anyone please dm me a decent TTS tool?

Rooted.

$ nc -nlvp 1234
listening on [any] 1234 …
connect to [10.10.14.46] from (UNKNOWN) [10.10.10.163] 51680
id
uid=0(root) gid=0(root) groups=0(root)

User: Spend more time trying to get a good TTS + voice combo rather than forcing a bad one to work. I burned too many hours on default… Once you have that, the actual attack just requires looking in some well-known/guessable spots.

Root: As others have said, do some meticulous enumeration. Read the background on how the exploit works.

Happy to nudge people in the right direction!

Rooted
It was very interesting

Was the machine changed? Even after reset, a certain port related to killing a cat is closed?

Rooted. This box is pain

Just rooted it, WOW this box was fire :smiley:

Rooted!
Nice work from @mRr3b00t.
I got user with a famous “female” voice :slight_smile:
User is pretty straightforward if you don’t overthink.
For root…I got totally stuck into the m*t user waterhole because of its U (and a known exploit related to that U).
Then I realized there is something going on periodically…and we got the shell!
Cheers

It’s weird, I got outputs
Can I use base64 in this box to get shell?

I have tried a lot of t…s and some words aren’t understood… I know the attack on the user but not all ■■■■ words are being understood by AI

■■■■ this box. I fucking hate it. I said fucking comma motherfucker not “come out” or any fucking variation of such.

So, does anyone know how to make machine understand queries correctly and not give “but i’m single” “select few” “err err” instead of actual words? I am using tts org with male voice. I am trying to add spaces to make ai read words relatively distinctly, but always get stuff from above, I can’t even get what condition makes it happen.

EDIT: finally found site (sadly, not local tool) which, most of time, works. You can PM me for this site, I always get spoiler removed when posting tools in mrreboot machine’s forums.

Done. Finally.

It’s weird, I got this: uid=4294967294 gid=1000(a***) groups=1000(a***)

I got this: sudo: unknown uid 4294967294: who are you? Any hint?

Nice box, I learned a lot from this box, thanks MrR3boot

Root was a literal pain. Couldn’t get exploit to work, ended up doing everything manually.
Gotta say, this machine was fun and not fun at the same time. Made me wanna cry a few times, but at the end it feels good to finish it.
Well done @MrR3boot !

Rooted. I got a root shell, and I used the exact same syntax to obtain it about ~13-14 times over. I reset the box twice. Super unreliable and not sure how to MAKE IT reliable. I didn’t change my methods for running anything the entire time. Did the same process over a dozen times and it just happened to work once.

Not really sure what was going on here, but not even going to bother investigating. This box was a huge pain in the ■■■ for me.

If I can show you my syntax @MrR3boot maybe you can better explain what I was doing wrong and/or what was causing it to be so unpredictable?

Thanks for the machine, regardless. Always a learning experience.

Edit: @MrR3boot has now verified what was causing this issue, and I’ve fixed it accordingly. For those of you running into a similar issue as myself, learn more about the service and specific aspects of it that your script may be utilizing. This is the part that stumped me!

I liked the user part, it was an original idea and an unusual task for a hacker. There were bad and good moments while I struggled to find a proper tts, but finally I managed to find an online service which “solved” my problem.

This was my second host that was made by MrR3boot, and I noticed that he likes to leave his signature. And it is only a signature and it is not the key to the vulnerability. I think I understand the joke (or fine irony?) behind “sudo”, which is very often the solution for privilege escalation on this site.

Root part was interesting but contained uncertainty. I was lucky because my third attempt - including the same command - was successful.