Obscurity

i finally got the server to give me a shell. i had to get my shell in a way that i’ve never done before.

Hi, looking for a pointer. Initial fuzzing got me that py file and I’ve played around with it locally to get a certain function to behave oddly. However when I try to do any of this on the box, I’m getting nowhere. Could anyone give a nudge for how to leverage this to get RCE?

@TwistedSpoon99 said:

Hi, looking for a pointer. Initial fuzzing got me that py file and I’ve played around with it locally to get a certain function to behave oddly. However when I try to do any of this on the box, I’m getting nowhere. Could anyone give a nudge for how to leverage this to get RCE?

some of the things you are trying to call may or may not be present on the box

Anybody that wanna help me formulate a payload for the python script? I’m sure I’ve found the vulnerable part and how to trigger it, I just struggle to escape it

Can anyone nudge me with a hint for the payload in the python script ??

i’ve got the first shell, i don’t know how to get the key to decrypt the o**.t** file, i need help

Rooted.
I really enjoyed the first part (getting foothold).
Hint for getting a foothold: There is a very strong hint given already, use it.
Hint for user: You’ll find a few files of interest, check them out.
Hint for root: Home stretch now, it’s pretty easy from here out. Now you can use something which you weren’t able to before.
If someone needs more hints, DM me.

Rooted! \o/

Once I got user, for some reason I did not have permission to execute what I needed to get root. I restarted the box and then it worked first time around. So if you’re getting issues with perms, just hit the button. :wink:

trying to get foothold.

would anyone be able to help me with the SSS.py code? i’ve dabbled messing around with it locally but am not able to get anywhere, help would be appreciated!

I got root, fun box!

if you need help you can send a PM.

I found the SSS.py file, read it several times from beginning to end, I think I know what part is vulnerable, but I haven’t been able to exploit it. I think I have to look at the part where the comment also says I have to look.
I also rewrote the python script and tried to exploit it locally, but that didn’t work either.
Can someone maybe give me a hint or anything to read to figure this out?

Beautiful machine :slight_smile: Thanks to the maker
I liked the part of reading code and making some specific code to use.

Foothold:
Big problem
User:
Easy part
Root:
I didn’t think to use the way which I actually used, I thought to use a more elegant way

@Henkmeteenhoed said:

I found the SSS.py file, read it several times from beginning to end, I think I know what part is vulnerable, but I haven’t been able to exploit it. I think I have to look at the part where the comment also says I have to look.
I also rewrote the python script and tried to exploit it locally, but that didn’t work either.
Can someone maybe give me a hint or anything to read to figure this out?

Any language has a few dangerous functions which should raise red flags, have you identified it?

Hi Guys, just another noob here trying to learn the ways !!! struggling at the first hurdle. can’t manage to fuzz this mother!!! tried ffuf, wfuzz (throws pycurl error 52), dirbuster… what am I doing wrong??? please show me the way… Thanks

Got it guys… got some help… first time fuzzing :slight_smile:

@andy1979s said:
Hi Guys, just another noob here trying to learn the ways !!! struggling at the first hurdle. can’t manage to fuzz this mother!!! tried ffuf, wfuzz (throws pycurl error 52), dirbuster… what am I doing wrong??? please show me the way… Thanks

i need a hint to root, i can’t use BH.py, i have problems reading the /e/s** file

rooted, thanks @blay for your help when I was stuck.

Technically you don’t need any fuzzers to find the directory you want. However using wfuzz correctly will show you the way. Also no special word lists needed either.

Spoiler Removed

@andy1979s said:
Hi Guys, just another noob here trying to learn the ways !!! struggling at the first hurdle. can’t manage to fuzz this mother!!! tried ffuf, wfuzz (throws pycurl error 52), dirbuster… what am I doing wrong??? please show me the way… Thanks

hi…
i’m quite sure that i’m repeating an earlier post… (again)…

  • you know the child!
  • you want to fuzz the parent-directory!!!..
    what should the command look like?..
    … /FUZZ/child…