Obscurity

I got the password for the user r****t, however when I try to log in with it I get an authentication error. Anyone had the same problem?

ok, rooted.
At first, i had the very same issues as many other while fuzzing. When i eventually got it i felt quite stupid for having wasted soo much time thinking of being working on something different…
I then sweated dozens of shirts while looking for the foothold, but i knew it was just a matter of time and retries…hint: check every value and debug on local.
User was already there. I mean: not so much difference from plaintext if you can do it also with excel!
If you are a right clicker like me, be careful with encoding. Things are not always as they show on screen.
Root is easy.

Rooted. This was a nice machine to get you to work on coming up with your own solutions, which in my opinion is a great way to learn and improve. Big thanks to @clubby789 for a nice box.

Now for the hints

INITIAL

  • Things need to be a little fuzzy in order to find what you need.
  • Remember to execute your plans to the letter.
  • One-liners are all you need.

USER

  • Scripts and texts. All you need.
  • 1 + x = 2 (Find x)
  • Got what you need? Now pick the lock.

ROOT

  • So you think you’re better than me?!
  • If only I was fast enough…oh wait! I don’t have to be.
  • The cat will reveal all.

If there are spoilers here, let me know and I’ll edit this.

As always, PM me here (Don’t write on my wall as it’s public), or on Discord. Tell me your progress so I can avoid spoilers (don’t just ask for a hint or a nudge!).

Got no matching directories by using dirb, dirbuster, wfuzz. Small assist will be appreciated.

rooted

thank you rholas and Zer0xdz

although it’s easy to have root due to priv issues the intended way is fun. Super easy if you understand the code, anyway thx to @clubby789 for this box

Type your comment

Hi all
I dont understand but the shell was not stable
I obtain that
invalid syntax (, line 1)
EOL while scanning string literal (, line 1)
and cannot navigate normally did somebody could be help me if not have this.
thanks for your help

Type your comment> @gunroot said:

Got no matching directories by using dirb, dirbuster, wfuzz. Small assist will be appreciated.

anytool IP/FUZZ/child

Type your comment> @lolotlse said:

Hi all
I dont understand but the shell was not stable
I obtain that
invalid syntax (, line 1)
EOL while scanning string literal (, line 1)
and cannot navigate normally did somebody could be help me if not have this.
thanks for your help

Consider that others are working on your same box, and your shell is in the same “context”, so you may see some other error.
Take what you need and go ahead.
Foothold is not intended to be the goal. :wink:

I’m really stuck at code injection point. No shell was opening when I inject the code. Can anyone help me? I don’t know why my payload isn’t sanitising properly. Tried different ways, but nothing worked out. Anyone please give me a nudge.

@Chobin73 said:
Type your comment> @lolotlse said:

Hi all
I dont understand but the shell was not stable
I obtain that
invalid syntax (, line 1)
EOL while scanning string literal (, line 1)
and cannot navigate normally did somebody could be help me if not have this.
thanks for your help

Consider that others are working on your same box, and your shell is in the same “context”, so you may see some other error.
Take what you need and go ahead.
Foothold is not intended to be the goal. :wink:

Thanks for your answer.I search hard…
happy new year everybody

Rooted, nice box especially for python developers, thanks to @clubby789

Right now in the place 1 + x = 2. Here I have to extract x. Any nudges/hints will be appreciated.

the initial shell was probably the hardest part for this box.

I am pretty bad at reading code even simple one like python… so i lookup certain opensource code analyzer/audit to pick up vulns function in code. Then, add a few line to get it work on my box so to get the reverse shell working.
From that point onward, everything is straight forward… seem to have no rabbit hole(or i didn’t step into…).

Great box to help me to improve my python code reading skill. Thump up for the author of the box !!

ps: if you stuck, feel free to reach me for hint.

Managed to find the directory of the SSS file.
Read and analyzed the code , found the exploitable part of the code but don’t really know how to do it or test it

Any help? Thanks in advance !

Frustratingly I found the initial foothold was fairly easy here.

However, I appear to be hitting a brick wall at the next step. I’ve tried to reverse the process in python (and it has failed) and I’ve tried to brute force it (and failed).

Tiny bit frustrating :smile:

@p4ncake said:
I’m having trouble copying the files from the remote box to my machine. scp keeps giving me connection refused. Should I just copy and paste? That doesn’t seem right.

You can use netcat to sling files around. Just remember to not use ctrl+c on a remote shell.

For those who are struggling with the initial foothold, ignore 255.

can anyone message me tips on how to inject with b**p? i’ve tried literally every way i can think of,