Obscurity

Comments

  • I guess it'll be a simple dir name, but there's something more I still don't get...

    BadRain

  • Finally rooted
    Someone modified a critical file (crypt); that's why it didn't work.

  • @twypsy said:

    @idomino said:

    Based on the reactions I'm getting maybe I was too harsh when I said "one of the easiest ones currently available", maybe it was just easy for me, as all stages are simply solved by a few lines of python, but I guess I can understand why people are struggling with stock tools.

    To be honest, I don't give credibility to any comment in HTB regarding the difficulty of a machine, and I might suggest the same to anybody who joined HTB recently. What seems easy now, might not have seemed easy in the past.

    Excellent point! "difficulty", "easy", "hard", etc. are all relative terms and very much individualistic. Nobody should feel bad they are struggling to bust this "piece of cake" / "easy" box, because the fact is those judgements of how challenging this box is really only apply to the people making those comments. If you do not even know / never had to use the finer techniques/points this box uses, then I can imagine this box will be quite difficult. However, everything is difficult until it is not. So keep applying and learning.

  • edited December 2019

    @GPLO said:

    Missing something here..
    I found some interesting things early on with burpsuite. I then enumerated a user and 2 text files with wfuzz but can't find the .py file.
    A SMALL nudge would be appreciated.

    It's a secret directory, and under it you should find the py file you are looking for.

    Use a common wordlist, no need to go with big ones.

    Just in case, check you are using port 8080 and not 80.

    twypsy

  • @twypsy said:

    @GPLO said:

    Missing something here..
    I found some interesting things early on with burpsuite. I then enumerated a user and 2 text files with wfuzz but can't find the .py file.
    A SMALL nudge would be appreciated.

    It's a secret directory, and under it you should find the py file you are looking for.

    Use a common wordlist, no need to go with big ones.

    Just in case, check you are using port 8080 and not 80.

    I thought I'd done that but your comment made me realize I didn't quite do it the right way. Focused too much on an interesting vulnerability I found early on :'(

    GPLO

  • Rooted. Nice one @clubby789, although I believe there is an "easy" (and potentially unintended) method for root that should be patched if possible as it sorta ruined that bit for me. I'm going to go back and do it the (what I believe to be) intended way now though :)

    Thanks for the machine!

    Hints:

    Foothold: Fuzzing & then Source Code analysis. Look at what you can do to get RCE.

    User: There are a few different ways of doing this. You have an input and an output -- these two things should be enough to work backwards.

    Root (Intended Method Only): Analyze the code, and check what is outputted. Keep checking... and checking... Once you do that, you'll have everything you need.


    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'"

  • @farbs said:

    Rooted. Nice one @clubby789, although I believe there is an "easy" (and potentially unintended) method for root that should be patched if possible as it sorta ruined that bit for me.

    Yeah, that's unintended, and I've been told a fix is being pushed. To anyone else who used that method to get root, I suggest you go back and try it the intended way :)

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • edited December 2019

    @clubby789 said:

    Yeah, that's unintended, and I've been told a fix is being pushed. To anyone else who used that method to get root, I suggest you go back and try it the intended way :)

    Having just solved it as my first machine, I honestly have no clue if I did it the right or wrong way :)

    It was probably the easy way, as the root password was a lot easier to obtain than the rest of the machine. Or I did it the right way and completely missed out on the easier way :)

    Anyway, thanks for creating it. While some comments mention it's useless, I learned something from it, so it's certainly not useless.

    I can't wait to see a writeup of it to see if I did it the right or wrong way.

  • Hi, having hard times with wfuzz and stuck pls help on PM, I have proper port 8080 but even when using big dict I get nothing ...

  • @VisualDudek said:

    Hi, having hard times with wfuzz and stuck pls help on PM, I have proper port 8080 but even when using big dict I get nothing ...

    dirbuster worked for me.

  • I'm having problems fuzzing here, anyone willing to give me a hand?

  • The source code is really simple to read. I know exactly which part I should exploit. I tried several times, but it did not work. Then I ran the source on my own computer. And it works. ... ... Still missing something here. :D

    Blaudoom
    Discord: Blaudoom#1254

  • @blaudoom said:

    The source code is really simple to read. I know exactly which part I should exploit. I tried several times, but it did not work. Then I ran the source on my own computer. And it works. ... ... Still missing something here. :D

    https://www.w3schools.com/tags/ref_urlencode.asp

  • edited December 2019

    @yeezybusta said:

    @blaudoom said:

    The source code is really simple to read. I know exactly which part I should exploit. I tried several times, but it did not work. Then I ran the source on my own computer. And it works. ... ... Still missing something here. :D

    https://www.w3schools.com/tags/ref_urlencode.asp

    I know about URL encoding. And as I said, I am hosting the same server myself. I am connecting to it the same way I connect to the box. That's why I find it a bit weird.

    edit: reset seemed to work.

    Blaudoom
    Discord: Blaudoom#1254

  • @yeezybusta said:

    @blaudoom said:

    The source code is really simple to read. I know exactly which part I should exploit. I tried several times, but it did not work. Then I ran the source on my own computer. And it works. ... ... Still missing something here. :D

    https://www.w3schools.com/tags/ref_urlencode.asp

    This one really helped
    I got a shell as w**-d*** now I think I'm a little bit stuck there
    could anyone help?

  • I'm still stuck on enumeration... I tried dirb, dirbuster, fuzzing with zap and burp, with different dictionary... what's wrong? Can anybody put me on the right path? Thank you

    |GPEN|CEH|eJPT|CySA|

  • edited December 2019

    Rooted.

    Initial foothold is more CTF-like, that's why I was stuck, but other parts were very good.

    Hints:

    Initial foothold: After checking front page, you will know one thing, and need to know another thing. Fuzz these things together. Then you will find a hole which you can inject your weapon :)

    User: Use your algorithm skills and get X from y^x=z ;)

    Root: Much more simple than user. Just add the specified option one more time.

  • @jinie said:

    @clubby789 said:

    Yeah, that's unintended, and I've been told a fix is being pushed. To anyone else who used that method to get root, I suggest you go back and try it the intended way :)

    Having just solved it as my first machine, I honestly have no clue if I did it the right or wrong way :)

    It was probably the easy way, as the root password was a lot easier to obtain than the rest of the machine. Or I did it the right way and completely missed out on the easier way :)

    Anyway, thanks for creating it. While some comments mention it's useless, I learned something from it, so it's certainly not useless.

    I can't wait to see a writeup of it to see if I did it the right or wrong way.

    You did it the right way definitely.

    The other path required taking the box out of the obscurity.

    twypsy

  • edited December 2019

    Found what I needed with wfuzz. Downloaded a copy and found the exploitable piece of code. I ran the code locally and experimented until I got the syntax right. I have 2 versions which both work locally. When I target obscurity however I get a 404 and my listener doesn't trigger :( Intended?

    GPLO

  • edited December 2019

    My problem is with m**e****s... I can't avoid 500 error

    BadRain

  • @GPLO said:

    Found what I needed with wfuzz. Downloaded a copy and found the exploitable piece of code. I ran the code locally and experimented until I got the syntax right. I have 2 versions which both work locally. When I target obscurity however I get a 404 and my listener doesn't trigger :( Intended?

    nvm, found my problem. Don't assume when you can check!

    GPLO

  • @clubby789 Great box! Not sure why ppl are not giving it the stars it deserves. It was easy, but I had a lot of fun.

  • Got user!
    Going for root!

  • I have found the code file; however, I am struggling to set up a debug environment to manipulate the code. Does anyone have the time to help me out with what the code is doing and just some pointers on what to look out for? Thank you in advance. And I know, I know "try harder".

  • edited December 2019

    I have the script S **** S ***** S *****. Py apparently the function that I should use is s s****D** but I've analyzed the code and I'm stuck. Anyone with a hint?

  • Nice box!
    Pretty CTF-like and really enjoyable.. shame on the "easy" method though, the legit method is really fun.
  • Got the .py file after using ffuf. Other tools were too slow.

    Now I'm having issues with the python code.

  • Rooted, thanks the most to @atii22 for helping me
    anyone needs help you can contact me

  • Nice box.. I tried almost two ways to root. Unintended and intended. (Please fix unintended as soon as possible). You need to speak in basic python like Harry Potter.

    For some hints or nudge, send me a message.
