Obscurity

Was missing a silly thing to root, thanks to @schex and @GhostSquad for their help.

@up2nogood said:

I need a nudge on getting foothold… anyone?

anytool IP/FUZZ/child

Rooted.

root@Obscure$ id
Output: uid=0(root) gid=0(root) groups=0(root)

One of the easiest boxes. As a software developer it was pretty fun for me.

First time dealing with injection of any kind. I’ve got the py script and see the execution vulnerability but at the moment no clue how to go about injecting the command I want to execute. Can anyone give me a nudge?

Rooted.

Learned a lot about the language. Thanks to @GhostSquad for the help for the user.

DM for help.

Got the user after literally 3 weeks of working on the box. Had HUGE amounts of help, but since this is my first user, I am very proud of the stuff that I have learned. Going for the root now.

Rooted! Fun box. If anyone is having trouble generating the key, look at the code CAREFULLY and see what it does to each argument!!!

Rooted! Have learnt a lot from this lab.

I still have one question maybe someone can answer it. When I got the root credentials, I couldn’t use ssh to login and I had to switch to root from user. And I have checked the configuration, the passwordlogin is not disabled. Any ideas?

I need a nudge with the foothold. I have the py script and have spotted the vulnerable part in the script. I have a way I think should give me RCE but when I run the curl with my code I get an empty response from the server? Am I way off? Some help is very much appreciated. I can PM my cURL command if someone will give it a look and maybe give me a nudge.

edit: Thanks to enpassant for helping me out.

Can anyone PM me about root? I realize what is going on with B*******H and I know that I am in a race with the program but I cannot for the life of me figure out how to go about it.

Any help would be appreciated ^^

A lot of head banging at the beginning, but finally rooted. Thanks @clubby789 for the challenge and fun!!

PM me for hints, more than happy to help!

Rooted. I was really thinking way too hard for Root. Thanks N0tAC0p for his help.

If you need help PM for hints.

Rooted, though I’m pretty sure I completed it in the “wrong way”. Loved the path to user!

Rooted with the help of @drdsol92. Good box to really learn Python scripting. DM me if you need help.

Rooted! Root was easy :)

I don't understand the run it locally part, any help?

Nice little box. Learned a thing or two about the snake scripting. I do have one thing to say to the butchers who change the B**********H.py. May you suffer bitrot on all your backups and your hard disk heads crash.

For the rest of you, if you find that the B**********H.py has been changed by a script kiddie butcher wannabe you have to reset the box.

A hint for getting root. They say two hands halve the work. So do two connections.

wohoo

root@obscure:~# id;hostname
uid=0(root) gid=0(root) groups=0(root)
obscure

Initial foothold was a nightmare. I realized how I needed to fuzz, but all the “default” tools did not work well for me… Then I found one on GitHub written in Go.
User and root were very interesting. A Python debug tool will help.

God, I’m really struggling. This is my first box. I was able to find the SSS.py file, found the weak point in the Python code and have been trying to get a shell for hours and hours. Would someone be able to look at my injection and give me a nudge as to whether I’m going in the right direction? I’m trying to invoke command line execution with os.s***** and I’m not sure what I’m doing wrong.

I found the file and found the function to exploit, also found some XSS but can’t find a way to get the shell… Been stuck for hours, if anyone can help me on that DM me please!
Thanks!