Obscurity

1111214161725

Comments

  • edited January 4

    just started this box and already annoyed with finding the directory. have ran it through dirbuster, wfuzz, ffuf etc without results. Can someone shoot me a nudge?

    Edit - Once again, i was so close and just missed a stupid part. Thanks for the help everyone. Time to pull my hair out next looking for user.

  • Type your comment> @p4ncake said:

    I'm having trouble copying the files from the remote box to my machine. scp keeps giving me connection refused. Should I just copy and paste? That doesn't seem right.

    if you want to just copy/paste it, encode it into base64 first

  • edited January 4

    I'm pretty confident about my ffuf syntax but i'm obviously missing something, could someone PM me? No fuzzer gives me any result. I want to move on already!

    Edit: Nevermind... got it

  • Having trouble finding the .py file. Tried using dirbuser, dirb, wfuzz, ffuf, with almost every wordlist. Not sure what I am doing wrong. Can someone PM me, I would greatly appreciate it.

  • rooted!
    Nice box, force us not only to read an understand source code, also offers a good exercise analyzing it looking for vulnerable code and how to exploit it.

    PM if need some help

    rulzgz

  • So this being my first box - quite enjoying it so far. However, got as far as the py code and know where the vuln is... just have no clue how to go about it! Any nudges are welcome :)

  • Rooted finally! Had a lot of fun with this one.
    As others have mentioned, I found user to be much harder than root.

    Some tips:

    Foothold: How can you get somewhere else from where you are? Read the code carefully and understand what it's doing. How can you make sure the server handles your request the way you intend it to?

    User: Again, read the code. This is a common equation. Basic algebra helps here, write it out.

    Root: Code will tell you everything, time is of the essence. What inputs do you have control over? Focus on that.

  • Any nudge?

    Got the py file and modify it to run locally but not getting any output.

  • Having trouble with this box, I've ran it through dirb, gobuster, nikto to no avail..I know I'm missing something, I can feel it in my bones. ANY help would be greatly appreciated!

  • Type your comment> @greenbandit said:

    Having trouble with this box, I've ran it through dirb, gobuster, nikto to no avail..I know I'm missing something, I can feel it in my bones. ANY help would be greatly appreciated!

    use ffuz. read the page carefully and identify the child and where to FUZZ .

  • @sko said:
    Type your comment> @greenbandit said:

    Having trouble with this box, I've ran it through dirb, gobuster, nikto to no avail..I know I'm missing something, I can feel it in my bones. ANY help would be greatly appreciated!

    use ffuf. read the page carefully and identify the child and where to FUZZ .

  • I got the password for the user r****t, however when I try to log in with it I get an authentication error. Anyone had the same problem?

  • ok, rooted.
    At first, i had the very same issues as many other while fuzzing. When i eventually got it i felt quite stupid for having wasted soo much time thinking of being working on something different...
    I then sweated dozens of shirts while looking for the foothold, but i knew it was just a matter of time and retries...hint: check every value and debug on local.
    User was already there. I mean: not so much difference from plaintext if you can do it also with excel!
    If you are a right clicker like me, be careful with encoding. Things are not always as they show on screen.
    Root is easy.

    echo start dumb.bat > dumb.bat && dumb.bat
    doh!

  • Rooted. This was a nice machine to get you to work on coming up with your own solutions, which in my opinion is a great way to learn and improve. Big thanks to @clubby789 for a nice box.

    Now for the hints

    INITIAL
    - Things need to be a little fuzzy in order to find what you need.
    - Remember to execute your plans to the letter.
    - One-liners are all you need.

    USER
    - Scripts and texts. All you need.
    - 1 + x = 2 (Find x)
    - Got what you need? Now pick the lock.

    ROOT
    - So you think you're better than me?!
    - If only I was fast enough...oh wait! I don't have to be.
    - The cat will reveal all.

    If there are spoilers here, let me know and I'll edit this.

    As always, PM me here (Don't write on my wall as it's public), or on Discord. Tell me your progress so I can avoid spoilers (don't just ask for a hint or a nudge!).

    Hack The Box
    Discord: AzAxIaL#8633

  • Got no matching directories by using dirb, dirbuster, wfuzz. Small assist will be appreciated.

  • rooted

    thank you rholas and Zer0xdz

  • although it's easy to have root due to priv issues the intended way is fun. Super easy if you understand the code, anyway thx to @clubby789 for this box

  • Type your comment

  • Hi all
    I dont understand but the shell was not stable
    I obtain that
    invalid syntax (, line 1)
    EOL while scanning string literal (, line 1)
    and cannot navigate normally did somebody could be help me if not have this.
    thanks for your help

  • Type your comment> @gunroot said:

    Got no matching directories by using dirb, dirbuster, wfuzz. Small assist will be appreciated.

    anytool IP/FUZZ/child

  • Type your comment> @lolotlse said:

    Hi all
    I dont understand but the shell was not stable
    I obtain that
    invalid syntax (, line 1)
    EOL while scanning string literal (, line 1)
    and cannot navigate normally did somebody could be help me if not have this.
    thanks for your help

    Consider that others are working on your same box, and your shell is in the same "context", so you may see some other error.
    Take what you need and go ahead.
    Foothold is not intended to be the goal. ;)

    echo start dumb.bat > dumb.bat && dumb.bat
    doh!

  • I'm really stuck at code injection point. No shell was opening when I inject the code. Can anyone help me? I don't know why my payload isn't sanitising properly. Tried different ways, but nothing worked out. Anyone please give me a nudge.

  • @Chobin73 said:
    Type your comment> @lolotlse said:

    Hi all
    I dont understand but the shell was not stable
    I obtain that
    invalid syntax (, line 1)
    EOL while scanning string literal (, line 1)
    and cannot navigate normally did somebody could be help me if not have this.
    thanks for your help

    Consider that others are working on your same box, and your shell is in the same "context", so you may see some other error.
    Take what you need and go ahead.
    Foothold is not intended to be the goal. ;)

    Thanks for your answer.I search hard....
    happy new year everybody

  • Rooted, nice box especially for python developers, thanks to @clubby789

  • Right now in the place 1 + x = 2. Here I have to extract x. Any nudges/hints will be appreciated.

  • edited January 7

    the initial shell was probably the hardest part for this box.

    I am pretty bad at reading code even simple one like python... so i lookup certain opensource code analyzer/audit to pick up vulns function in code. Then, add a few line to get it work on my box so to get the reverse shell working.
    From that point onward, everything is straight forward.. seem to have no rabbit hole(or i didn't step into...).

    Great box to help me to improve my python code reading skill. Thump up for the author of the box !!

    ps: if you stuck, feel free to reach me for hint.

  • edited January 7
    Managed to find the directory of the SSS file.
    Read and analyzed the code , found the exploitable part of the code but don't really know how to do it or test it

    Any help? Thanks in advance !

    IamKsNoob

  • Frustratingly I found the initial foothold was fairly easy here.

    However, I appear to be hitting a brick wall at the next step. I've tried to reverse the process in python (and it has failed) and I've tried to brute force it (and failed).

    Tiny bit frustrating :smile:

  • @p4ncake said:
    I'm having trouble copying the files from the remote box to my machine. scp keeps giving me connection refused. Should I just copy and paste? That doesn't seem right.

    You can use netcat to sling files around. Just remember to not use ctrl+c on a remote shell.

Sign In to comment.