Obscurity

Although many of you said that root is straightforward, I’m not getting it. I believe the time is important, and there is a line for that. Running the code as it is gives “that” error, and giving more time in a copy of the code still gives the same error.

Any hints would be appreciated.

I found the SSS page but my py skills are really bad. Could anyone PM me a nudge or even a link to a cheatsheet I can devour to understand the page?

I found the SSS file, my py skill is lacking… Could anyone PM me a nudge?

Please anyone help with directory fuzzing. I have tried reading the webpage, the specific error message, tried to do it manually, tried with burp intruder, wfuzz, ffuf, gobuster with all different extensions but I honestly can’t find ANYthing…

Please someone pm with a hint.

An interesting box that really tested my crypt skills (which are shocking). After I scripted a brute solution, it came to my attention there was a much easier way. Oh well, it’s all good practice which is what I’m here for.

Foothold:
You already know the name of who you’re looking for, save time by only searching for their house.
Once you understand what’s happening in the script, it’s pretty straightforward, although the correct syntax is a little fiddly to escape. First begin with some self exploration to confirm you’ve got it right.

User:
This was the hardest part for me (thanks to @AzAxIaL for the sanity checks). If you understand what the script is doing, you can reverse it (or try to figure out the easier option).

Root:
Read what the script is doing and be quick.

For anyone struggling to find the directory, you know what the end path is. You are only missing the parent directory. Do not just search for the parent directory. Search for an entire path fuzzing the parent directory only.

Finally rooted, this one was really fun!
Spent ages banging my head on the initial low-priv shell but after that it was a nice CTF-like experience. Thanks for this one!

I need a nudge on getting foothold… anyone?

Init: Look at how the page behaves when you request the PATH with style sheets and without the style sheets; you can use wfuzz.
User0: Analyze the code and use Python to execute what you want, encoding what you send; if you want to see the command execution, make an nslookup query to your machine and watch the result in Responder, or use a simple ping.
User: Analyze and Python again; use the script to get what you want, there is no need to create your own script.
Root: Python, once again. Analyze, watch it and cat, and cat or rip.
:v

Could someone give me a hint, what should I do? I found the server. Is there any exploit for the server I have to use, or am I on the wrong way?

Really fun box and pretty straightforward, especially if you know python well. PM me if you need some help.

PM if you need a nudge

Was missing a silly thing to root, thanks to @schex and @GhostSquad for their help.

@up2nogood said:

I need a nudge on getting foothold… anyone?

anytool IP/FUZZ/child

Rooted.

root@Obscure$ id
Output: uid=0(root) gid=0(root) groups=0(root)

One of the easiest boxes. As a software developer it was pretty fun for me.

First time dealing with injection of any kind. I’ve got the py script and see the execution vulnerability but at the moment no clue how to go about injecting the command I want to execute. Can anyone give me a nudge?

Rooted.

Learned a lot about the language. Thanks to @GhostSquad for the help for the user.

DM for help.

Got the user after literally 3 weeks of working on the box. Had HUGE amounts of help, but since this is my first user, I am very proud of the stuff that I have learned. Going for the root now.

Rooted! Fun box. If anyone is having trouble generating the key, look at the code CAREFULLY and see what it does to each argument!!!

Rooted! Have learnt a lot from this lab.

I still have one question maybe someone can answer it. When I got the root credentials, I couldn’t use ssh to login and I had to switch to root from user. And I have checked the configuration, the passwordlogin is not disabled. Any ideas?