Obscurity

I think this is my first medium box, was pretty fun, especially user flag.

This one forced me to get away from my usual approaches which IMO is a good thing.

Some hints:

foothold: you’re told what to find, you can find it with simple tools
user: you’re given everything upfront, read it and research/understand each line, its a puzzle worth solving
root: Few ways here… one simple way is to do something twice

this is my very first box and i feel like im going about this wrong (or im just stupid) im connected in metasploit but my lists are failing to get in…

Can anyone please give me a helping hand with user. I have the pieces of the puzzle, but the glue, or the key rather, that holds them together still seems off. It’s soooo close but just not getting the proper o**.txt after getting it I think I’m off by just a few characters. Help would be much appreciated.

Rooted !!!
Really really fun box, it required some understanding of python, which is simply :heart:

This box takes you away from usual approaches to owning which I really liked.

Some HINTS:
Foothold: The page says it all, you have got the file to grab and also the directory told by them. Honestly can be grabbed manually (no fuzzing needed).

User: Simple yet interesting cracking of script, just understand what its doing and reverse it. Everything is given on a silver plate inside the home.

Root: Read the code carefully and exploit the vulnerability of SLEEPING rabit once it stored the important file at some location. Do basic scripting to capture that, since we humans are not that fast, but scripts are :wink:

Still Stuck??? Feel free to DM :slight_smile:

Nice box, got me building some cool scripts I haven’t had to do before, even if I didn’t use them.

Foothold was really basic, you could guess the directory or use a fuzz to find it. I’ve personally used this sort of directory before when starting a project.

User: Pretty simple once you find the files. I wrote a brute force script and let it run for 30 mins on a huge wordlist and found nothing. Reversing the script was so much easier and it took less than a second of compute time to find it.

Root: again really easy. Read that script you found and figure out how you can exploit it to find what you need. Took one google search and less than 5mins to get it working.

Type your comment> @Hilbert said:

I thought that was a super fun box, I enjoyed every step

user: If you understand what it’s doing, you don’t even need to write a line of code to reverse it

That’s seriously the best hint I’ve seen. Not on this box, like ever. Spared me so much time and at the same time not even revealing anything you don’t “know” already. Thanks!

@clubby789 PM’d to make sure rooted the intended way. Feels it’s still an unintended

Thanks, nice box :slight_smile:

Spoiler Removed

NVM, it’s back, thank you to whoever did that

As a total newbie I just want to give some thumbs up to all the people helping out. I cannot find the directory though :smiley: If someone can give me a nudge that would be great. Learned a lot from the faillures though :slight_smile:

Anyone got a good website or video on using ffuf and/or fuzzing techniques. Total n00b to this type of pentesting

Would love a nudge or recommended link for how to set up custom HTTP handlers.

Got Root
root@obscure:~# id
uid=0(root) gid=0(root) groups=0(root)

Rooted. This was a nice one. Was stuck on the encryptionpart, mostly because my exfiltrated files was corruped.

Root took me like 5 minutes to solve.

Rooted, ■■■ what a journey, but finally took Obscurity down. Thanks for the box @clubby789 , learnt loads on this, especially how much I like Python… :slight_smile:

can someone lend a hand for root. I am writing something to catch what is needed but it isn’t working (my python is not so great). Please PM me if you can help :slight_smile:

EDIT: Thank you @Hilbert
root@obscure:~# id
id
uid=0(root) gid=0(root) groups=0(root)

Nice box ! Root was easy if that is the intended way (which would match the machines name perfectly)

Hey guys, I’ve got user, but stuck at root. It seems I need to execute B***H.py, but when that script runs, it borks as it can’t access the shadow file. It seems it should run with a +s flag, but I guess I’m in a rabbit hole. Any help would be appreciated

UPDATE:
I solved it. Turns out there’s a way you can list a user’s abilities to run as root.

fun box :slight_smile:

  • foothold: ffuf is a great tool! if you already went through your dir dictionary several times maybe focus on files, the hint is dead on. Read the code, play with it in your local, debug it, if it looks weird follow your instinct

  • user: breaking crypto is way easier if you understand the encryption/decryption functions and have some examples laying around

  • root: your enum scripts should catch this one, and you might already have seen it while on your initial foothold. Racing against the clock works best when you’re faster and watch closely.

feel free to PM if stuck!

This was fun. I needed some nudges here and there so thanks to @c1cada @liloa and @sChr0D1NGer for the nudges…

rooted. Thanks for a nice box @clubby789.