Obscurity

rooted, thanks @blay for your help when I was stuck.

Technically you don’t need any fuzzers to find the directory you want. However using wfuzz correctly will show you the way. Also no special word lists needed either.

Spoiler Removed

@andy1979s said:
Hi Guys, just another noob here trying to learn the ways !!! struggling at the first hurdle. cant manage to fuzz this mother!!! tried ffuf , wfuzz (throws pycurl error 52), dirbuster… what am I doing wrong??? please show me the way… Thanks

hi…
i’m quite sure that i’m repeating an ealier post… (again)…

  • you know the child!
  • you want to fuzz the parent-directory!!!..
    what should the command look like?..
    … /FUZZ/child…

rooted, thanks @6d6a6c , your advice helped me a lot to root. I learned a lot

how to manage % in the decrypt func ?? stuck there becuz values are going out of range … pm me please

Type your comment> @wolfflow27 said:

how to manage % in the decrypt func ?? stuck there becuz values are going out of range … pm me please

Maybe it’s better to look at this algo from a high-level perspective, it’s doing something very simple, which may look more complicated than it is if you start looking at the code. Just pick up a pen, take a word, encrypt it with a one letter key on your piece of paper, and it should all make sense.

Type your comment> @lebutter said:

Type your comment> @wolfflow27 said:

how to manage % in the decrypt func ?? stuck there becuz values are going out of range … pm me please

Maybe it’s better to look at this algo from a high-level perspective, it’s doing something very simple, which may look more complicated than it is if you start looking at the code. Just pick up a pen, take a word, encrypt it with a one letter key on your piece of paper, and it should all make sense.

yea yea ik the cipher method and also understood how it is done and how to decrypt but still not getting the key :\

Rooted!

Thanks for a fun box @clubby789

After fuzzing I got it, took some time though but learned a lot. Anyone willing to help me out with the py? I have an idea where the vuln is, but not sure how to use it. PM anyone?

Rooted! Hit me up for hints or chats. I’d love to hear some other ways people got root, cause I’ve heard there are others.

Great box! Loved this one

Got the initial shell, got the user.txt. BUT when trying to get reverse shell now getting lots of strings like “EOL while scanning string literal (, line 1)”
SOmetimes I see smbody’s ip-addresses there. There is a feeling that my connection is somehow iterfered… It is annoying a lot bcause I can not do anything.
How can I fix the issue?

I know what to exploit to get a foothold, but I don’t know, can anyone please help?

Type your comment> @UrfinJuice said:

Got the initial shell, got the user.txt. BUT when trying to get reverse shell now getting lots of strings like “EOL while scanning string literal (, line 1)”
SOmetimes I see smbody’s ip-addresses there. There is a feeling that my connection is somehow iterfered… It is annoying a lot bcause I can not do anything.
How can I fix the issue?

Got that too… all i did was i tried to run my commands quickly. Prepared in a separate window then copy-pasted.

Type your comment> @M0squ3ra said:

i need a hint to root, i can’t use BH.py, i have problms to read /e/s** file

having the same problem, do you have a hint for me?

edit: rooted, reset was needed and then did it the intended way I think

Hey, if anyone can point me in the right direction as to why my snakey-x payload isn’t working properly? I’ve got it working locally but when I try the exact same thing on the page, I get an empty response.

I can DM the payload if anyone can help

Once I got user, for some reason I did not have permission to execute what I needed to get root and restarted the machine many times and no change happen

Hello, I tried to launch the S*.py locally without success on my kali.
Do you have a hint for that ?
Thanks

So, you get an error?

yes i got an error