Obscurity

rooted

So this being my first box - quite enjoying it so far. However, got as far as the py code and know where the vuln is… just have no clue how to go about it! Any nudges are welcome :slight_smile:

Rooted finally! Had a lot of fun with this one.
As others have mentioned, I found user to be much harder than root.

Some tips:

Foothold: How can you get somewhere else from where you are? Read the code carefully and understand what it’s doing. How can you make sure the server handles your request the way you intend it to?

User: Again, read the code. This is a common equation. Basic algebra helps here, write it out.

Root: Code will tell you everything, time is of the essence. What inputs do you have control over? Focus on that.

Any nudge?

Got the py file and modify it to run locally but not getting any output.

Having trouble with this box, I’ve ran it through dirb, gobuster, nikto to no avail…I know I’m missing something, I can feel it in my bones. ANY help would be greatly appreciated!

Type your comment> @greenbandit said:

Having trouble with this box, I’ve ran it through dirb, gobuster, nikto to no avail…I know I’m missing something, I can feel it in my bones. ANY help would be greatly appreciated!

use ffuz. read the page carefully and identify the child and where to FUZZ .

@sko said:
Type your comment> @greenbandit said:

Having trouble with this box, I’ve ran it through dirb, gobuster, nikto to no avail…I know I’m missing something, I can feel it in my bones. ANY help would be greatly appreciated!

use ffuf. read the page carefully and identify the child and where to FUZZ .

I got the password for the user r****t, however when I try to log in with it I get an authentication error. Anyone had the same problem?

ok, rooted.
At first, i had the very same issues as many other while fuzzing. When i eventually got it i felt quite stupid for having wasted soo much time thinking of being working on something different…
I then sweated dozens of shirts while looking for the foothold, but i knew it was just a matter of time and retries…hint: check every value and debug on local.
User was already there. I mean: not so much difference from plaintext if you can do it also with excel!
If you are a right clicker like me, be careful with encoding. Things are not always as they show on screen.
Root is easy.

Rooted. This was a nice machine to get you to work on coming up with your own solutions, which in my opinion is a great way to learn and improve. Big thanks to @clubby789 for a nice box.

Now for the hints

INITIAL

  • Things need to be a little fuzzy in order to find what you need.
  • Remember to execute your plans to the letter.
  • One-liners are all you need.

USER

  • Scripts and texts. All you need.
  • 1 + x = 2 (Find x)
  • Got what you need? Now pick the lock.

ROOT

  • So you think you’re better than me?!
  • If only I was fast enough…oh wait! I don’t have to be.
  • The cat will reveal all.

If there are spoilers here, let me know and I’ll edit this.

As always, PM me here (Don’t write on my wall as it’s public), or on Discord. Tell me your progress so I can avoid spoilers (don’t just ask for a hint or a nudge!).

Got no matching directories by using dirb, dirbuster, wfuzz. Small assist will be appreciated.

rooted

thank you rholas and Zer0xdz

although it’s easy to have root due to priv issues the intended way is fun. Super easy if you understand the code, anyway thx to @clubby789 for this box

Type your comment

Hi all
I dont understand but the shell was not stable
I obtain that
invalid syntax (, line 1)
EOL while scanning string literal (, line 1)
and cannot navigate normally did somebody could be help me if not have this.
thanks for your help

Type your comment> @gunroot said:

Got no matching directories by using dirb, dirbuster, wfuzz. Small assist will be appreciated.

anytool IP/FUZZ/child

Type your comment> @lolotlse said:

Hi all
I dont understand but the shell was not stable
I obtain that
invalid syntax (, line 1)
EOL while scanning string literal (, line 1)
and cannot navigate normally did somebody could be help me if not have this.
thanks for your help

Consider that others are working on your same box, and your shell is in the same “context”, so you may see some other error.
Take what you need and go ahead.
Foothold is not intended to be the goal. :wink:

I’m really stuck at code injection point. No shell was opening when I inject the code. Can anyone help me? I don’t know why my payload isn’t sanitising properly. Tried different ways, but nothing worked out. Anyone please give me a nudge.

@Chobin73 said:
Type your comment> @lolotlse said:

Hi all
I dont understand but the shell was not stable
I obtain that
invalid syntax (, line 1)
EOL while scanning string literal (, line 1)
and cannot navigate normally did somebody could be help me if not have this.
thanks for your help

Consider that others are working on your same box, and your shell is in the same “context”, so you may see some other error.
Take what you need and go ahead.
Foothold is not intended to be the goal. :wink:

Thanks for your answer.I search hard…
happy new year everybody

Rooted, nice box especially for python developers, thanks to @clubby789