Obscurity

1246716

Comments

  • edited December 2019

    I can't for the life of me find the directory.. I've tried with 3 different tools now to no avail..

    EDIT:
    Found it, has to adjust my bustin' a little.

    Vex20k

  • Type your comment> @Vex20k said:
    > I can't for the life of me find the directory.. I've tried with 3 different tools now to no avail..

    Same here, any hint?
  • edited December 2019

    Spoiler Removed

  • edited December 2019

    Spoiler Removed
    Sorry

  • Spoiler Removed

  • If you're struggling with crypto don't give up.
    Read carefully how the script is encrypting data and how it's using the key.
    If you're not familiar with python scripting, well, the key can be "cracked" manually in 20 minutes.

  • Is the box broken or something? Not getting any response from the services.

  • edited December 2019

    User was fun :) Now on to root

    4 minutes later: root was a bit disappointing

    GPLO

  • Need some help for regarding the server

  • edited December 2019

    [email protected]:~/#
    Great Box.
    I enjoyed the challenges ;)

    Foothold :

    See what the function is doing and where is it interacting.

    User : Easy Small Challenge

    Root : Not sure on what to suggest as I did the unintended way.

    Thanks @clubby789 for this box!

    Hack The Box

  • edited December 2019

    root easy way: patched
    (rooted on catch way too)
    Hack The Box

  • root... i love this box - i'm software developer and it was nice one for me :)

    feel free to pm for help

  • edited December 2019

    Done. Fun for juniors like me and straightforward. User harder, root simpler.

  • used gobuster dirbuster ffuf wfuzz and intruder still nothing
    a small hint would be nice.... please sent me a pm..
    thx

    Hack The Box

  • Type your comment> @madhack said:

    used gobuster dirbuster ffuf wfuzz and intruder still nothing
    a small hint would be nice.... please sent me a pm..
    thx

    just look for specific path

  • found it, thx people!

    Hack The Box

  • any proper hints available on how to find or where this "key" is ? really don't like this box and it's taking me triple the time it should due to 100% being python :(

    Hack The Box

  • Just Rooted. I think in the unintended way since it was really too easy.

    Hack The Box

  • Guys need a nudge... Found what command to exploit... copied and run this server on my local machine... tested my exploit string.. and it worked... but it doesnt work on Obscure machine... what do i miss??? it returns 404 error and shows my string which passes into that func correctly.. but doesnt give a reverse shell....

  • Box patched now. Root part is harder.

    Hint for root :
    Code auditing. It's sad you cant read the file quickly enough.

  • edited December 2019

    There are multiple ways for root using the py script. I found one not involving anything py at all.

  • there are atleast 4 ways..

    0byte

  • So I have the script and an idea what to do but it doesn't work. Not sure if I am on the right track. Trying to exploit e***c. (Hope that doesn't spoil too much)
    Can someone send me a little nudge?
  • Rooted. Fun box ! Kudo's for the creator.

    For nudges feel free to dm me.

    Hack The Box

  • Rooted Fun

    PM for Hints

  • edited December 2019

    I thought that was a super fun box, I enjoyed every step

    user: If you understand what it's doing, you don't even need to write a line of code to reverse it

    root: I'm apparently opposite of everyone so far, as I thought root (I went intended way) was significantly harder than user (Thanks to @bertalting for the help), so if that's you, don't get discouraged by the comments, you aren't alone. If you are stuck you might want to Watch where you are looking. Also, I had to create the /***/S**/ directory for some reason which I don't understand, but if you are getting that error, try that.

    Hilbert

  • Fun box. Finally rooted. User was super hard for me, thanks for all who helped me out with it. Root was rather simple, but dont think too hard on it...It will be obvious as others have said. PM if you need help!

    Hack The Box

  • Pew, finally rooted. I dont really think, this box should be marked as "easy". to be honest, foothold has space to do some tricks. maybe, i am just a noob, but next steps wasnt "easy" for me. i would rather call it "easy-medium". Thanks @clubby789. Great box

  • edited December 2019

    gobuster and ffuf not working for me. any hints plz?

    EDIT: Got it, thanks for the nudges!

  • Type your comment> @rudem said:

    gobuster and ffuf not working for me. any hints plz?

    it works...

Sign In to comment.