Obscurity

I found the SSS.py file and read it several times from beginning to end. I think I know what part is vulnerable, but I haven’t been able to exploit it. I think I have to look at the part where the comment also says I have to look.
I also rewrote the Python script and tried to exploit it locally, but that didn’t work either.
Can someone maybe give me a hint or anything to read to figure this out?

Beautiful machine :slight_smile: Thanks to the maker
I liked the part of reading code and making some specific code to use.

Foothold:
Big problem
User:
Easy part
Root:
I didn’t think to use the way which I actually used; I thought to use a more elegant way

@Henkmeteenhoed said:

I found the SSS.py file and read it several times from beginning to end. I think I know what part is vulnerable, but I haven’t been able to exploit it. I think I have to look at the part where the comment also says I have to look.
I also rewrote the Python script and tried to exploit it locally, but that didn’t work either.
Can someone maybe give me a hint or anything to read to figure this out?

Any language has a few dangerous functions which should raise red flags. Have you identified it?

Hi guys, just another noob here trying to learn the ways!!! Struggling at the first hurdle. Can’t manage to fuzz this mother!!! Tried ffuf, wfuzz (throws pycurl error 52), dirbuster… What am I doing wrong??? Please show me the way… Thanks

Got it guys… got some help… first time fuzzing :slight_smile:

@andy1979s said:
Hi guys, just another noob here trying to learn the ways!!! Struggling at the first hurdle. Can’t manage to fuzz this mother!!! Tried ffuf, wfuzz (throws pycurl error 52), dirbuster… What am I doing wrong??? Please show me the way… Thanks

I need a hint to root. I can’t use BH.py; I have problems reading the /e/s** file

rooted, thanks @blay for your help when I was stuck.

Technically you don’t need any fuzzers to find the directory you want. However, using wfuzz correctly will show you the way. Also, no special word lists are needed either.

@andy1979s said:
Hi guys, just another noob here trying to learn the ways!!! Struggling at the first hurdle. Can’t manage to fuzz this mother!!! Tried ffuf, wfuzz (throws pycurl error 52), dirbuster… What am I doing wrong??? Please show me the way… Thanks

Hi…
I’m quite sure that I’m repeating an earlier post… (again)…

  • you know the child!
  • you want to fuzz the parent-directory!!!..
    what should the command look like?..
    … /FUZZ/child…

Rooted, thanks @6d6a6c, your advice helped me a lot to root. I learned a lot.

How to manage % in the decrypt func?? Stuck there because values are going out of range… PM me please

@wolfflow27 said:

How to manage % in the decrypt func?? Stuck there because values are going out of range… PM me please

Maybe it’s better to look at this algo from a high-level perspective, it’s doing something very simple, which may look more complicated than it is if you start looking at the code. Just pick up a pen, take a word, encrypt it with a one letter key on your piece of paper, and it should all make sense.

@lebutter said:

@wolfflow27 said:

How to manage % in the decrypt func?? Stuck there because values are going out of range… PM me please

Maybe it’s better to look at this algo from a high-level perspective, it’s doing something very simple, which may look more complicated than it is if you start looking at the code. Just pick up a pen, take a word, encrypt it with a one letter key on your piece of paper, and it should all make sense.

yea yea ik the cipher method and also understood how it is done and how to decrypt but still not getting the key :\

Rooted!

Thanks for a fun box @clubby789

After fuzzing I got it, took some time though but learned a lot. Anyone willing to help me out with the py? I have an idea where the vuln is, but not sure how to use it. PM anyone?

Rooted! Hit me up for hints or chats. I’d love to hear some other ways people got root, cause I’ve heard there are others.

Great box! Loved this one

Got the initial shell, got the user.txt. BUT when trying to get a reverse shell, I’m now getting lots of strings like “EOL while scanning string literal (, line 1)”
Sometimes I see somebody’s IP addresses there. There is a feeling that my connection is somehow interfered with… It is very annoying because I cannot do anything.
How can I fix the issue?

I know what to exploit to get a foothold, but I don’t know, can anyone please help?

@UrfinJuice said:

Got the initial shell, got the user.txt. BUT when trying to get a reverse shell, I’m now getting lots of strings like “EOL while scanning string literal (, line 1)”
Sometimes I see somebody’s IP addresses there. There is a feeling that my connection is somehow interfered with… It is very annoying because I cannot do anything.
How can I fix the issue?

Got that too… All I did was try to run my commands quickly. Prepared in a separate window, then copy-pasted.