Obscurity

@Chobin73 said:
Type your comment> @lolotlse said:

Hi all
I dont understand but the shell was not stable
I obtain that
invalid syntax (, line 1)
EOL while scanning string literal (, line 1)
and cannot navigate normally did somebody could be help me if not have this.
thanks for your help

Consider that others are working on your same box, and your shell is in the same “context”, so you may see some other error.
Take what you need and go ahead.
Foothold is not intended to be the goal. :wink:

Thanks for your answer.I search hard…
happy new year everybody

Rooted, nice box especially for python developers, thanks to @clubby789

Right now in the place 1 + x = 2. Here I have to extract x. Any nudges/hints will be appreciated.

the initial shell was probably the hardest part for this box.

I am pretty bad at reading code even simple one like python… so i lookup certain opensource code analyzer/audit to pick up vulns function in code. Then, add a few line to get it work on my box so to get the reverse shell working.
From that point onward, everything is straight forward… seem to have no rabbit hole(or i didn’t step into…).

Great box to help me to improve my python code reading skill. Thump up for the author of the box !!

ps: if you stuck, feel free to reach me for hint.

Managed to find the directory of the SSS file.
Read and analyzed the code , found the exploitable part of the code but don’t really know how to do it or test it

Any help? Thanks in advance !

Frustratingly I found the initial foothold was fairly easy here.

However, I appear to be hitting a brick wall at the next step. I’ve tried to reverse the process in python (and it has failed) and I’ve tried to brute force it (and failed).

Tiny bit frustrating :smile:

@p4ncake said:
I’m having trouble copying the files from the remote box to my machine. scp keeps giving me connection refused. Should I just copy and paste? That doesn’t seem right.

You can use netcat to sling files around. Just remember to not use ctrl+c on a remote shell.

For those who are struggling with the initial foothold, ignore 255.

can anyone message me tips on how to inject with b**p? i’ve tried literally every way i can think of,

ROOTED finally.

root@Obscure$ id
Output: uid=0(root) gid=0(root) groups=0(root)

Need help in getting user flag . Thanks in advance !

New to Hacking. But Learning with passion. Maybe It was an easy machine for intermediate to elite hackers. For people like me, it took some time to get to know what is python and how it works. I rooted it. A lot of simple stuffs to know. I have spent 2 days just googling about the python codes, which involved in this box.

I managed to find the SSS.py file and have been analyzing the code. I know the function call within the code that is vulnerable but I’m having trouble piecing everything together in order to understand how to pass commands to execute on the server in order to gain the initial shell. Any nudges would be appreciated!

Feel like I am loosing it. I have reversed all but the last 4 chars of the password reminder … am i supposed to brute force the user pass with the info I have or did I mess up my python script somehow. A nudge would be appreciated.

am i the only idiot that cant trigger that sss.py script :confused: i know what to do with vuln.func. but still no shell.always bad req. 400 Sh*t :confused: need help… :s

Type your comment> @tuzz3232 said:

am i the only idiot that cant trigger that sss.py script :confused: i know what to do with vuln.func. but still no shell.always bad req. 400 Sh*t :confused: need help… :s

If you understand what happens in the certain point at exec() you will easily come to know what to do. As I’m new to this field, it took me almost 3 days to understand. Hint: One Line of Code with some quotes is enough. :slight_smile:

@toledonavy said:
Feel like I am loosing it. I have reversed all but the last 4 chars of the password reminder … am i supposed to brute force the user pass with the info I have or did I mess up my python script somehow. A nudge would be appreciated.

Hey don’t feel like loosing it. Learning is important. Tell me exactly at which point you’re stuck at. I can give some clues.

Type your comment> @gunroot said:

Type your comment> @tuzz3232 said:

am i the only idiot that cant trigger that sss.py script :confused: i know what to do with vuln.func. but still no shell.always bad req. 400 Sh*t :confused: need help… :s

If you understand what happens in the certain point at exec() you will easily come to know what to do. As I’m new to this field, it took me almost 3 days to understand. Hint: One Line of Code with some quotes is enough. :slight_smile:

when i wrote simple py script i can make reverse shell with exec()
but not on this server, even i cant ping myself. i am stuck again. i pass this one go on openadmin and rooted it. but turn back here. nothing goes forward :slight_smile:

Type your comment> @toledonavy said:

Feel like I am loosing it. I have reversed all but the last 4 chars of the password reminder … am i supposed to brute force the user pass with the info I have or did I mess up my python script somehow. A nudge would be appreciated.

I had the same issue.
For me the answer was: “do not trust what you have cut and pasted.”

Mixed feelings about this box - the message is clear and I liked it. It was also pretty straight forward. Still I don’t feel like I owned this one. Also with root in the end.