i swear to god if i ever see mr robot i am going to dome him
just kidding.
i swear to god if i ever see mr robot i am going to dome him
just kidding.
@w3x said:
more typical mr robot easter egg hunt bullshit
i swear to god iām not going to do another one of these shitty boxes
Well I canāt make a box that pleases everyone and itās hard. We all are here for learning something new all the time and I strongly believe Iām justifying that in my submissions.
I am stuck on 2FA. cant get pass either missing p***** or Invalid a****. Found the vendor of this soft. but canāt build a freaking request based on their documentationā¦
Help plz!
Type your comment> @w3x said:
i swear to god if i ever see mr robot i am going to dome him
Iāve never seen you comment a single positive thing, and Iāve come across your comments quite a few times now on numerous forum threads.
If you donāt have any constructive criticism and/or positive feedback, maybe save yourself the embarrassment and refrain from saying anything at all.
Food for thought.
Nice machine @MrR3boot, the heap is destroying me.
Finally rooted this amazing box.
Last login: Tue Dec 17 13:31:35 2019
root@player2:~#
Thank you @MrR3boot & @b14ckh34rt for this enormous experience.
I learnt a ton on heap and yes, definitely bins in bins in bins is a great hint
Thanks also to @idomino for the interesting suggestions and @v01t4ic for the interesting conversations.
If I can add another hint: pay attention to g**** version.
See you next box!
Cheers
Type your comment> @blink3r said:
Finally rooted this amazing box.
Last login: Tue Dec 17 13:31:35 2019root@player2:~#
Thank you @MrR3boot & @b14ckh34rt for this enormous experience.
I learnt a ton on heap and yes, definitely bins in bins in bins is a great hint
Thanks also to @idomino for the interesting suggestions and @v01t4ic for the interesting conversations.
If I can add another hint: pay attention to g**** version.
See you next box!
Cheers
Well Done
By far my favorite box. Iām glad I went the intended way of getting root. It really forced me to get out of my comfort zone into the world of heaps and bins. Learned lots. Kudos to @MrR3boot and @b14ckh34rt. Thank you!
[*] Switching to interactive mode
# $ id
uid=1000(observer) gid=1000(observer) euid=0(root) groups=1000(observer)
@MrR3boot & @b14ckh34rt Thanks for the game guys! Box is awesome!
And to everyone who helped me along the way. I donāt think Iāve read this much doing boxes before this one =) Absolutely positive that I wouldnāt be reading glibc course code
PS. Solved using Tc****. Will appreciate if anyone cares to take a look at my code and explain how I can overlap in bins. I stumbled on unlinking part.
root@player2:~#
This was tough. Like, too tough. As in, I wonāt be doing something like this again for a WHILE, tough.
Thanks @MrR3boot and @b14ckh34rt for owning me, and also for improving my heap exp. skills! Root was especially hard for me as I typically find myself lacking in the RE and bin. exp. department(s). This machine forced me to re-learn (almost) everything from the ground up, and then start building my exploit from scratch.
Please keep making boxes
Type your comment> @v01t4ic said:
[*] Switching to interactive mode # $ id uid=1000(observer) gid=1000(observer) euid=0(root) groups=1000(observer)
@MrR3boot & @b14ckh34rt Thanks for the game guys! Box is awesome!
And to everyone who helped me along the way. I donāt think Iāve read this much doing boxes before this one =) Absolutely positive that I wouldnāt be reading glibc course codePS. Solved using Tc****. Will appreciate if anyone cares to take a look at my code and explain how I can overlap in bins. I stumbled on unlinking part.
Solved using tcache? Nice work man. Glibc 2.29 has some nasty checks. Iām thinking Iāll just try and dodge tcache entirely for the time being. Weāll see how far I get with that thoughā¦ ^_^"
@farbs said:
root@player2:~#
This was tough. Like, too tough. As in, I wonāt be doing something like this again for a WHILE, tough.
Thanks @MrR3boot for owning me, and also for improving my heap exp. skills! Root was especially hard for me as I typically find myself lacking in the RE and bin. exp. department(s). This machine forced me to re-learn (almost) everything from the ground up, and then start building my exploit from scratch.
Please keep making boxes
Itās all the magic of @b14ckh34rt
@limbernie said:
By far my favorite box. Iām glad I went the intended way of getting root. It really forced me to get out of my comfort zone into the world of heaps and bins. Learned lots. Kudos to @MrR3boot and @b14ckh34rt. Thank you!
Mine too
@v01t4ic said:
[*] Switching to interactive mode# $ iduid=1000(observer) gid=1000(observer) euid=0(root) groups=1000(observer)@MrR3boot & @b14ckh34rt Thanks for the game guys! Box is awesome!
And to everyone who helped me along the way. I donāt think Iāve read this much doing boxes before this one =) Absolutely positive that I wouldnāt be reading glibc course codePS. Solved using Tc****. Will appreciate if anyone cares to take a look at my code and explain how I can overlap in bins. I stumbled on unlinking part.
Glad you finished the Game without cheatcodes
Could someone give me a little nudge in the right direction to get past the 2FA?
Iām stuck at "Missing p*********"
in a**/t***
. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but Iām not connecting the dots from the hints.
Type your comment> @0xRCE said:
Could someone give me a little nudge in the right direction to get past the 2FA?
Iām stuck at
"Missing p*********"
ina**/t***
. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but Iām not connecting the dots from the hints.
Same spot. I was stuck here before I went away for a couple of weeks. Now Iām back and I fuzzed the ā ā ā ā out of it again to no avail.
@0xRCE said:
Could someone give me a little nudge in the right direction to get past the 2FA?Iām stuck at
"Missing p*********"
ina**/t***
. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but Iām not connecting the dots from the hints.
I guess, itās a bad nudge, but seems very accurate to me.
Also keep in mind how you connect variables in programming languages when they consist of several words.
Type your comment> @v01t4ic said:
@0xRCE said:
Could someone give me a little nudge in the right direction to get past the 2FA?Iām stuck at
"Missing p*********"
ina**/t***
. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but Iām not connecting the dots from the hints.I guess, itās a bad nudge, but seems very accurate to me.
Also keep in mind how you connect variables in programming languages when they consist of several words.
Thanks @v01t4ic for the nudge, it figured it out! With this in mind, going back to my notes was enough to get the parameter I was missing.
So, even though my progress here is terrible ( I feel it could be years before I get user), I feel a bit better because this is clearly such a hard box that even Hackplayers donāt have a password protected write up on it yet
What a fun box, defiantly learned lots during root - at times it felt like playing a game of Towers of Hanoi Also, user was another lesson in turning over every stone and looking underneath.
Thanks @MrR3boot & @b14ckh34rt for the box!