PlayerTwo

1234689

Comments

  • @naveen1729 said:
    really enjoyed the process of getting root on this box, amazing feeling to get the exploit working after several intensive days. thanks to the creators!

    Glad you enjoyed the Game!

    MrR3boot
    Learn | Hack | Have Fun

  • @v01t4ic said:
    @MrR3boot, i think i know the name of this game we're playing here.. is it "@#$%ing chunk tetris"?! =)

    Bins in bins in bins ;)

    MrR3boot
    Learn | Hack | Have Fun

  • more typical mr robot easter egg hunt bullshit
    i swear to god i'm not going to do another one of these shitty boxes

     / __| | | | '_ ` _ \ 
    | (__| |_| | | | | | |
     \___|\__,_|_| |_| |_|
    

    Hack The Box

  • edited January 9

    Stripped binary is painful. Ouch!

    limbernie
    Write-ups of retired machines

  • w3xw3x
    edited January 9

    i swear to god if i ever see mr robot i am going to dome him

    just kidding.

     / __| | | | '_ ` _ \ 
    | (__| |_| | | | | | |
     \___|\__,_|_| |_| |_|
    

    Hack The Box

  • > @w3x said:
    > more typical mr robot easter egg hunt bullshit
    > i swear to god i'm not going to do another one of these shitty boxes

    Well I can’t make a box that pleases everyone and it’s hard. We all are here for learning something new all the time and I strongly believe I’m justifying that in my submissions.

    MrR3boot
    Learn | Hack | Have Fun

  • I am stuck on 2FA. cant get pass either missing p***** or Invalid a****. Found the vendor of this soft. but can't build a freaking request based on their documentation...
    Help plz!

  • edited January 9

    Type your comment> @w3x said:

    i swear to god if i ever see mr robot i am going to dome him

    I've never seen you comment a single positive thing, and I've come across your comments quite a few times now on numerous forum threads.

    If you don't have any constructive criticism and/or positive feedback, maybe save yourself the embarrassment and refrain from saying anything at all.

    Food for thought.

    Nice machine @MrR3boot, the heap is destroying me.


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • edited January 10

    Finally rooted this amazing box.

    Last login: Tue Dec 17 13:31:35 2019
    [email protected]:~# 
    

    Thank you @MrR3boot & @b14ckh34rt for this enormous experience.
    I learnt a ton on heap and yes, definitely bins in bins in bins is a great hint ;)
    Thanks also to @idomino for the interesting suggestions and @v01t4ic for the interesting conversations.
    If I can add another hint: pay attention to g**** version.
    See you next box!
    Cheers

    image
    Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • Type your comment> @blink3r said:
    > Finally rooted this amazing box.
    >
    > Last login: Tue Dec 17 13:31:35 [email protected]:~#
    >
    > Thank you @MrR3boot & @b14ckh34rt for this enormous experience.
    > I learnt a ton on heap and yes, definitely bins in bins in bins is a great hint ;)
    > Thanks also to @idomino for the interesting suggestions and @v01t4ic for the interesting conversations.
    > If I can add another hint: pay attention to g**** version.
    > See you next box!
    > Cheers

    Well Done :)

    MrR3boot
    Learn | Hack | Have Fun

  • edited January 10

    By far my favorite box. I'm glad I went the intended way of getting root. It really forced me to get out of my comfort zone into the world of heaps and bins. Learned lots. Kudos to @MrR3boot and @b14ckh34rt. Thank you!

    limbernie
    Write-ups of retired machines

  • edited January 12
    [*] Switching to interactive mode
    # $ id
    uid=1000(observer) gid=1000(observer) euid=0(root) groups=1000(observer)
    

    @MrR3boot & @b14ckh34rt Thanks for the game guys! Box is awesome!
    And to everyone who helped me along the way. I don't think I've read this much doing boxes before this one =) Absolutely positive that I wouldn't be reading glibc course code

    PS. Solved using Tc****. Will appreciate if anyone cares to take a look at my code and explain how I can overlap in bins. I stumbled on unlinking part.

  • edited January 13
    [email protected]:~# 
    

    This was tough. Like, too tough. As in, I won't be doing something like this again for a WHILE, tough. :D

    Thanks @MrR3boot and @b14ckh34rt for owning me, and also for improving my heap exp. skills! Root was especially hard for me as I typically find myself lacking in the RE and bin. exp. department(s). This machine forced me to re-learn (almost) everything from the ground up, and then start building my exploit from scratch.

    Please keep making boxes :)


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • Type your comment> @v01t4ic said:

    [*] Switching to interactive mode
    # $ id
    uid=1000(observer) gid=1000(observer) euid=0(root) groups=1000(observer)
    

    @MrR3boot & @b14ckh34rt Thanks for the game guys! Box is awesome!
    And to everyone who helped me along the way. I don't think I've read this much doing boxes before this one =) Absolutely positive that I wouldn't be reading glibc course code

    PS. Solved using Tc****. Will appreciate if anyone cares to take a look at my code and explain how I can overlap in bins. I stumbled on unlinking part.

    Solved using tcache? Nice work man. Glibc 2.29 has some nasty checks. I'm thinking I'll just try and dodge tcache entirely for the time being. We'll see how far I get with that though... ^_^"

     / __| | | | '_ ` _ \ 
    | (__| |_| | | | | | |
     \___|\__,_|_| |_| |_|
    

    Hack The Box

  • @farbs said:

    [email protected]:~# 
    

    This was tough. Like, too tough. As in, I won't be doing something like this again for a WHILE, tough. :D

    Thanks @MrR3boot for owning me, and also for improving my heap exp. skills! Root was especially hard for me as I typically find myself lacking in the RE and bin. exp. department(s). This machine forced me to re-learn (almost) everything from the ground up, and then start building my exploit from scratch.

    Please keep making boxes :)

    It’s all the magic of @b14ckh34rt ;)

    MrR3boot
    Learn | Hack | Have Fun

  • @limbernie said:
    By far my favorite box. I'm glad I went the intended way of getting root. It really forced me to get out of my comfort zone into the world of heaps and bins. Learned lots. Kudos to @MrR3boot and @b14ckh34rt. Thank you!

    Mine too ;)

    MrR3boot
    Learn | Hack | Have Fun

  • > @v01t4ic said:
    > [*] Switching to interactive mode# $ iduid=1000(observer) gid=1000(observer) euid=0(root) groups=1000(observer)
    >
    > @MrR3boot & @b14ckh34rt Thanks for the game guys! Box is awesome!
    > And to everyone who helped me along the way. I don't think I've read this much doing boxes before this one =) Absolutely positive that I wouldn't be reading glibc course code
    >
    > PS. Solved using Tc****. Will appreciate if anyone cares to take a look at my code and explain how I can overlap in bins. I stumbled on unlinking part.

    Glad you finished the Game without cheatcodes ;)

    MrR3boot
    Learn | Hack | Have Fun

  • IMAGE ALT TEXT HERE

     / __| | | | '_ ` _ \ 
    | (__| |_| | | | | | |
     \___|\__,_|_| |_| |_|
    

    Hack The Box

  • Could someone give me a little nudge in the right direction to get past the 2FA?

    I'm stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
    I see others were stuck also at this, but I'm not connecting the dots from the hints.

  • edited January 14

    Type your comment> @0xRCE said:

    Could someone give me a little nudge in the right direction to get past the 2FA?

    I'm stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
    I see others were stuck also at this, but I'm not connecting the dots from the hints.

    Same spot. I was stuck here before I went away for a couple of weeks. Now I'm back and I fuzzed the hell out of it again to no avail.

  • edited January 14

    @0xRCE said:
    Could someone give me a little nudge in the right direction to get past the 2FA?

    I'm stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
    I see others were stuck also at this, but I'm not connecting the dots from the hints.

    I guess, it’s a bad nudge, but seems very accurate to me.

    Also keep in mind how you connect variables in programming languages when they consist of several words.

  • Type your comment> @v01t4ic said:

    @0xRCE said:
    Could someone give me a little nudge in the right direction to get past the 2FA?

    I'm stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
    I see others were stuck also at this, but I'm not connecting the dots from the hints.

    I guess, it’s a bad nudge, but seems very accurate to me.

    Also keep in mind how you connect variables in programming languages when they consist of several words.

    Thanks @v01t4ic for the nudge, it figured it out! With this in mind, going back to my notes was enough to get the parameter I was missing.

  • So, even though my progress here is terrible ( I feel it could be years before I get user), I feel a bit better because this is clearly such a hard box that even Hackplayers don't have a password protected write up on it yet :smile:

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • What a fun box, defiantly learned lots during root - at times it felt like playing a game of Towers of Hanoi :) Also, user was another lesson in turning over every stone and looking underneath.

    Thanks @MrR3boot & @b14ckh34rt for the box!

    Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • @job0 said:
    What a fun box, defiantly learned lots during root - at times it felt like playing a game of Towers of Hanoi :) Also, user was another lesson in turning over every stone and looking underneath.

    Thanks @MrR3boot & @b14ckh34rt for the box!

    Good Work ;)

    MrR3boot
    Learn | Hack | Have Fun

  • edited January 17

    Banging my head for three days upgrading my shell to get some more privileges. Maybe someone could give a little nudge to upgrade privs.

    Not sure if I'm tuned in into the right "interesting" place mentioned in posts before, every once in a while I get some status updates saying everything is OK and nothing happened.
    Trying to speak inside this interesting place gives me nothing, maybe I don't know how to speak friend ;-)

    BTW, @MrR3boot and @b14ckh34rt thanks for the box, it's been a real fun ride so far

  • I'm stuck with t**p I got {"error":"Invalid Session"}

  • [*] Switching to interactive mode
    # $ id
    uid=1000(observer) gid=1000(observer) euid=0(root) groups=1000(observer)
    # $ cd /root
    # $ ls -l
    total 12
    -rwx------ 1 root root 819 Nov 10 14:27 broadcast.py
    -rwx------ 1 root root 905 Sep 13 18:39 connection.py
    -r-------- 1 root root  33 Sep  5 03:41 root.txt
    # $ cat root.txt
    

    i got the root. :D it was very hard for me.but i learned a lot from this machine.
    i have solved heap challenges before, but this one was new and hard.
    thank you @MrR3boot @b14ckh34rt and @job0 @blink3r @v01t4ic for their helps

  • edited January 19

    I just started with box, enable to find a valid directory so far any good list for reference.
    Regards

  • edited January 20

    Cant find the correct action for the mfa despite all the hints here. Have gone through various wordlists + different permutations on each but still no hits? Would appreciate a hint here.
    edit: why is it always when i finally reach for help, I soon happen to magically realize the error myself...

    sanre

Sign In to comment.