PlayerTwo

i swear to god if i ever see mr robot i am going to dome him

just kidding.

@w3x said:
more typical mr robot easter egg hunt bullshit
i swear to god i'm not going to do another one of these shitty boxes

Well I can't make a box that pleases everyone and it's hard. We all are here for learning something new all the time and I strongly believe I'm justifying that in my submissions.

I am stuck on 2FA. can't get past either missing p***** or Invalid a****. Found the vendor of this soft. but can't build a freaking request based on their documentation…
Help plz!

@w3x said:

i swear to god if i ever see mr robot i am going to dome him

I've never seen you comment a single positive thing, and I've come across your comments quite a few times now on numerous forum threads.

If you don't have any constructive criticism and/or positive feedback, maybe save yourself the embarrassment and refrain from saying anything at all.

Food for thought.

Nice machine @MrR3boot, the heap is destroying me.

Finally rooted this amazing box.

Last login: Tue Dec 17 13:31:35 2019
root@player2:~# 

Thank you @MrR3boot & @b14ckh34rt for this enormous experience.
I learnt a ton on heap and yes, definitely bins in bins in bins is a great hint :wink:
Thanks also to @idomino for the interesting suggestions and @v01t4ic for the interesting conversations.
If I can add another hint: pay attention to g**** version.
See you next box!
Cheers

@blink3r said:

Finally rooted this amazing box.

Last login: Tue Dec 17 13:31:35 2019
root@player2:~#

Thank you @MrR3boot & @b14ckh34rt for this enormous experience.
I learnt a ton on heap and yes, definitely bins in bins in bins is a great hint :wink:
Thanks also to @idomino for the interesting suggestions and @v01t4ic for the interesting conversations.
If I can add another hint: pay attention to g**** version.
See you next box!
Cheers

Well Done :slight_smile:

By far my favorite box. I'm glad I went the intended way of getting root. It really forced me to get out of my comfort zone into the world of heaps and bins. Learned lots. Kudos to @MrR3boot and @b14ckh34rt. Thank you!

[*] Switching to interactive mode
# $ id
uid=1000(observer) gid=1000(observer) euid=0(root) groups=1000(observer)

@MrR3boot & @b14ckh34rt Thanks for the game guys! Box is awesome!
And to everyone who helped me along the way. I don't think I've read this much doing boxes before this one =) Absolutely positive that I wouldn't be reading glibc course code

PS. Solved using Tc****. Will appreciate if anyone cares to take a look at my code and explain how I can overlap in bins. I stumbled on unlinking part.

root@player2:~# 

This was tough. Like, too tough. As in, I won't be doing something like this again for a WHILE, tough. :smiley:

Thanks @MrR3boot and @b14ckh34rt for owning me, and also for improving my heap exp. skills! Root was especially hard for me as I typically find myself lacking in the RE and bin. exp. department(s). This machine forced me to re-learn (almost) everything from the ground up, and then start building my exploit from scratch.

Please keep making boxes :slight_smile:

@v01t4ic said:

[*] Switching to interactive mode
# $ id
uid=1000(observer) gid=1000(observer) euid=0(root) groups=1000(observer)

@MrR3boot & @b14ckh34rt Thanks for the game guys! Box is awesome!
And to everyone who helped me along the way. I don't think I've read this much doing boxes before this one =) Absolutely positive that I wouldn't be reading glibc course code

PS. Solved using Tc****. Will appreciate if anyone cares to take a look at my code and explain how I can overlap in bins. I stumbled on unlinking part.

Solved using tcache? Nice work man. Glibc 2.29 has some nasty checks. I'm thinking I'll just try and dodge tcache entirely for the time being. We'll see how far I get with that though… ^_^"

@farbs said:

root@player2:~# 

This was tough. Like, too tough. As in, I won't be doing something like this again for a WHILE, tough. :smiley:

Thanks @MrR3boot for owning me, and also for improving my heap exp. skills! Root was especially hard for me as I typically find myself lacking in the RE and bin. exp. department(s). This machine forced me to re-learn (almost) everything from the ground up, and then start building my exploit from scratch.

Please keep making boxes :slight_smile:

It's all the magic of @b14ckh34rt :wink:

@limbernie said:
By far my favorite box. I'm glad I went the intended way of getting root. It really forced me to get out of my comfort zone into the world of heaps and bins. Learned lots. Kudos to @MrR3boot and @b14ckh34rt. Thank you!

Mine too :wink:

@v01t4ic said:
[*] Switching to interactive mode
# $ id
uid=1000(observer) gid=1000(observer) euid=0(root) groups=1000(observer)

@MrR3boot & @b14ckh34rt Thanks for the game guys! Box is awesome!
And to everyone who helped me along the way. I don't think I've read this much doing boxes before this one =) Absolutely positive that I wouldn't be reading glibc course code

PS. Solved using Tc****. Will appreciate if anyone cares to take a look at my code and explain how I can overlap in bins. I stumbled on unlinking part.

Glad you finished the Game without cheatcodes :wink:


Could someone give me a little nudge in the right direction to get past the 2FA?

I'm stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but I'm not connecting the dots from the hints.

@0xRCE said:

Could someone give me a little nudge in the right direction to get past the 2FA?

I'm stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but I'm not connecting the dots from the hints.

Same spot. I was stuck here before I went away for a couple of weeks. Now I'm back and I fuzzed the ■■■■ out of it again to no avail.

@0xRCE said:
Could someone give me a little nudge in the right direction to get past the 2FA?

I'm stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but I'm not connecting the dots from the hints.

I guess, it's a bad nudge, but seems very accurate to me.

Also keep in mind how you connect variables in programming languages when they consist of several words.

@v01t4ic said:

@0xRCE said:
Could someone give me a little nudge in the right direction to get past the 2FA?

I'm stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but I'm not connecting the dots from the hints.

https://youtu.be/Q48FtnmhbdI

I guess, it's a bad nudge, but seems very accurate to me.

Also keep in mind how you connect variables in programming languages when they consist of several words.

Thanks @v01t4ic for the nudge, I figured it out! With this in mind, going back to my notes was enough to get the parameter I was missing.

So, even though my progress here is terrible (I feel it could be years before I get user), I feel a bit better because this is clearly such a hard box that even Hackplayers don't have a password protected write up on it yet :smile:

What a fun box, definitely learned lots during root - at times it felt like playing a game of Towers of Hanoi :slight_smile: Also, user was another lesson in turning over every stone and looking underneath.

Thanks @MrR3boot & @b14ckh34rt for the box!