Obscurity

Spoiler Removed

Oops, my bad. Thought I was completely off so it wouldn’t be a spoiler LOL

Spoiler Removed

Получил root.

Машина очень полезная. Много нового узналю

Спасибо за создание @clubby789 . Ощущение двоякое в одном месте машина легка в другом сложна. Для ее решение нужно понимание яп python и bash

до пользователя нужно найти на сайте где расположен скрытый файл .py изучить его и понять как можно это использовать

изучите код и поймите что можно использовать и сделайте нагрузку. и получите оболочку

user: изучите скрипт поймите как он шифрует и попробуйте расшифровать. кодить не надо скрипт все сам делает. процедуру нужно повторить несколько раз

root: знания Bash и зацикливание вам помогут в открытие файла.

Hi guys can I have a nudge for encrypted

If you know Python, this machine would be a piece of cake. Otherwise, you may suffer.

This machine is purely CTF in my opinion so I really didn’t like it.

Initial entry: find the path, fffuf is the way to go.

User: Python (you will probably need to write code here)

Root: Python (reading is enough)

Good luck!

here my problem User: Python (you will probably need to write code here)

Rooted. My experience:
Foothold: Need a little bit of clever wfuzz. Just look at the 404 error its giving if you need hint…
User: The hardest one in this machine. I spend a whole day for it… You will need programming and math skills for decrypting it.
Root: Really easy once you do the user. Remember, if you cannot do a thing quickly, that’s why scripts were invented…

Feel free to PM me for hints. But I won’t be available for whole day. So be patient if I don’t reply…

I had a lot of fun with this one. Took some time, since after I had some network issues with netcat keeping open, I created my own “reverse-shell” for this.

It’s far from good, but I thought the idea was so laughable, that i just had to do it.

You can see it at : GitHub - blaudoom/HTB_obscurity
zip protected by root-flag

Also spent too much time not reading filenames properly and mistook the py in the home folder for the server-script. I was looking all over the server for the file :stuck_out_tongue:

@clubby789 Good first box IMO

Edit: Have to add that, eventough the root was easy, it was very current.

Rooted!

Initial FootHold:

  • Read the webpage and you will find something interesting but with not known path (any fuzzing tool will help you)
  • Read code and exploit

User:

  • Brute force is not necessary

Root:

  • Really?

I don’t know if I’d rate this as a pure CTF. It’s a lot of code reading, but that’s part of pentesting real world systems too. It just seems to be more condensed here. At least it’s not in some obscure language.

Foothold: Any fuzzer should work. I used wfuzz. Running the .py locally for debugging is a huge help.
User: More code reading. Take the time to understand the math being done. Ignore the context of what it says is being done, and just focus on the math.
Root: More code reading… pretty simple.

As a developer, I enjoy using someone’s code against them. Thanks @clubby789, that was fun.

I’ve read every post 3 times, tried several wordlist, even the full r**ky*u.txt with and without ext. I am doing something wrong and can’t figure out what i need to do. will someone pm me a nudge?

Thanks - got it

Rooted :slight_smile:

Fun and challenging box

Type your comment> @102707 said:

I’ve read every post 3 times, tried several wordlist, even the full r**ky*u.txt with and without ext. I am doing something wrong and can’t figure out what i need to do. will someone pm me a nudge?

I used d.td.t…n to find something very interesting. Parseltongue, what’s that? Time to learn. Yes, I’m still struggling :slight_smile:

Type your comment> @sulcud said:

Rooted!

Initial FootHold:

  • Read the webpage and you will find something interesting but with not known path (any fuzzing tool will help you)
  • Read code and exploit

User:

  • Brute force is not necessary

Root:

  • Really?

Just what i thought when i did root too :smiley:

.

which wordlist to use while fuzzing ? tried default wfuzz ,not giving any result

Thanks to the creator of the box, but I did not appreciate this machine at all.

root@obscure:/root# id
uid=0(root) gid=0(root) groups=0(root)

The user part is relatively simple … This is subjective of course … Otherwise for the root part you will not have too much complication.

Thanks ! @clubby789

Type your comment> @wolfflow27 said:

which wordlist to use while fuzzing ? tried default wfuzz ,not giving any result

ffuf works really well for initial fuzzing.

Rooted… learned few things… Was great! Seems i know a lot better Py then bash… as i used Py script for root… Need to close gaps in bash

Password for root really funny :slight_smile:

Feel free to ask if struggle…

Seem to be having a problem with the initial fuzzing, don’t seem to be able to find the directory