[*] Switching to interactive mode
# $ id
uid=1000(observer) gid=1000(observer) euid=0(root) groups=1000(observer)
@MrR3boot & @b14ckh34rt Thanks for the game guys! Box is awesome!
And to everyone who helped me along the way. I don’t think I’ve read this much doing boxes before this one =) Absolutely positive that I wouldn’t be reading glibc course code
PS. Solved using Tc****. Will appreciate if anyone cares to take a look at my code and explain how I can overlap in bins. I stumbled on unlinking part.
Solved using tcache? Nice work man. Glibc 2.29 has some nasty checks. I’m thinking I’ll just try and dodge tcache entirely for the time being. We’ll see how far I get with that though… ^_^"
This was tough. Like, too tough. As in, I won’t be doing something like this again for a WHILE, tough.
Thanks @MrR3boot for owning me, and also for improving my heap exp. skills! Root was especially hard for me as I typically find myself lacking in the RE and bin. exp. department(s). This machine forced me to re-learn (almost) everything from the ground up, and then start building my exploit from scratch.
@limbernie said:
By far my favorite box. I’m glad I went the intended way of getting root. It really forced me to get out of my comfort zone into the world of heaps and bins. Learned lots. Kudos to @MrR3boot and @b14ckh34rt. Thank you!
@MrR3boot & @b14ckh34rt Thanks for the game guys! Box is awesome!
And to everyone who helped me along the way. I don’t think I’ve read this much doing boxes before this one =) Absolutely positive that I wouldn’t be reading glibc course code
PS. Solved using Tc****. Will appreciate if anyone cares to take a look at my code and explain how I can overlap in bins. I stumbled on unlinking part.
Could someone give me a little nudge in the right direction to get past the 2FA?
I’m stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but I’m not connecting the dots from the hints.
Could someone give me a little nudge in the right direction to get past the 2FA?
I’m stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but I’m not connecting the dots from the hints.
Same spot. I was stuck here before I went away for a couple of weeks. Now I’m back and I fuzzed the ■■■■ out of it again to no avail.
@0xRCE said:
Could someone give me a little nudge in the right direction to get past the 2FA?
I’m stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but I’m not connecting the dots from the hints.
I guess, it’s a bad nudge, but seems very accurate to me.
Also keep in mind how you connect variables in programming languages when they consist of several words.
@0xRCE said:
Could someone give me a little nudge in the right direction to get past the 2FA?
I’m stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but I’m not connecting the dots from the hints.
So, even though my progress here is terrible ( I feel it could be years before I get user), I feel a bit better because this is clearly such a hard box that even Hackplayers don’t have a password protected write up on it yet
What a fun box, defiantly learned lots during root - at times it felt like playing a game of Towers of Hanoi Also, user was another lesson in turning over every stone and looking underneath.
@job0 said:
What a fun box, defiantly learned lots during root - at times it felt like playing a game of Towers of Hanoi Also, user was another lesson in turning over every stone and looking underneath.
Banging my head for three days upgrading my shell to get some more privileges. Maybe someone could give a little nudge to upgrade privs.
Not sure if I’m tuned in into the right “interesting” place mentioned in posts before, every once in a while I get some status updates saying everything is OK and nothing happened.
Trying to speak inside this interesting place gives me nothing, maybe I don’t know how to speak friend
BTW, @MrR3boot and @b14ckh34rt thanks for the box, it’s been a real fun ride so far
[*] Switching to interactive mode
# $ id
uid=1000(observer) gid=1000(observer) euid=0(root) groups=1000(observer)
# $ cd /root
# $ ls -l
total 12
-rwx------ 1 root root 819 Nov 10 14:27 broadcast.py
-rwx------ 1 root root 905 Sep 13 18:39 connection.py
-r-------- 1 root root 33 Sep 5 03:41 root.txt
# $ cat root.txt
i got the root. it was very hard for me.but i learned a lot from this machine.
i have solved heap challenges before, but this one was new and hard.
thank you @MrR3boot@b14ckh34rt and @job0@blink3r@v01t4ic for their helps
Cant find the correct action for the mfa despite all the hints here. Have gone through various wordlists + different permutations on each but still no hits? Would appreciate a hint here.
edit: why is it always when i finally reach for help, I soon happen to magically realize the error myself…
Cant find the correct action for the mfa despite all the hints here. Have gone through various wordlists + different permutations on each but still no hits? Would appreciate a hint here.
edit: why is it always when i finally reach for help, I soon happen to magically realize the error myself…
I would appericate your hint regarding directory enumeration.
Done! It was hard, really hard. The user is good but some guessing necessary (thanks @menessim). The root was fantastic but very hard and very fun for me. It was my first heap exploitation. I have read a lot write ups and try many methods before i got root with my own custom script)