Obscurity

1131416181925

Comments

  • First time dealing with injection of any kind. I've got the py script and see the execution vulnerability but at the moment no clue how to go about injecting the command I want to execute. Can anyone give me a nudge?

  • Rooted.

    Learned a lot about the the language. Thanks to @GhostSquad for the help for the user.

    DM for help.

  • Got the user after literally 3 weeks of working on the box. Had HUGE amounts of help, but since this is my first user, I am very proud of the stuff that I have learned. Going for the root now.

  • rooted! Fun box. If anyone is having trouble generating the key, look at the code CAREFULLY and see what it does to each argument !!!!!!!!!

  • Rooted! Have learnt a lot from this lab.

    I still have one question maybe someone can answer it. When I got the root credentials, I couldn't use ssh to login and I had to switch to root from user. And I have checked the configuration, the passwordlogin is not disabled. Any ideas?

  • edited January 13

    I need a nudge with the foothold. I have the py script and have spotted the vulnerable part in the script. I have a way I think should give me RCE but when i run the curl with my code I get an empty response from the server? Am I way off? Some help is very much appreciated. I can PM my cURL command if someone will give it a look and maybe give me a nudge.

    edit: Thanks to enpassant for helping me out.

  • Can anyone PM me about root. I realize what is going on with B*******H and I know that I am in a race with the program but I cannot for the life of me figure out how to go about it.

    Any help would be appreciated ^^

  • A lot of head banging at the beginning, but finally rooted. Thanks @clubby789 for the challenge and fun!!

    PM me for hints, more than happy to help!

  • Rooted. I was really thinking way too hard for Root. Thanks N0tAC0p for his help.

    If you need help PM for hints.

  • Rooted, though I'm pretty sure I completed it in the "wrong way". Loved the path to user!

    Hack The Box

  • Rooted with the help of @drdsol92. Good box to really learn python scripting . Dm me if u need help

    IamKsNoob

  • Rooted! Root was easy:)

    joelblack

  • i dont understand the run it locally part, any help?

  • Nice little box. Learned a thing or two about the snake scripting. I do have one thing to say to the butchers who change the B**********H.py. May you suffer bitrot on all your backups and your hard disk heads crash.

    For the rest of you, if you find that the B**********H.py has been changed by a script kiddie butcher wannabe you have to reset the box.

    A hint for getting root. They say two hands halve the work. So do two connections.

  • wohoo

    [email protected]:~# id;hostname
    uid=0(root) gid=0(root) groups=0(root)
    obscure
    

    Initial foothold was a nightmare. I realized how to need to fuzz, but all "default" tools not worked fine for me... Then I found one in githab written in go.
    User and Root was very interesting. Python debug tool will help

    Kirzaks

  • God i'm really struggling, this is my first box, I was able to find the SSS.py file, found the weak point in the python code and have been trying to get a shell for hours and hours, would someone be able to look at my injection and give me a nudge as to whether i'm going in the right direction? i'm trying to invoke command line execution with os.s***** and i'm not sure what i'm doing wrong :/

  • I found the file and found the function to exploit, also found some xss but can't find a way to get the shell... Been stucked for hours, if anyone can help me on that dm me please!
    Thanks!

  • edited January 16

    Rooted,
    Initial foothold ( fuzz ) was bit tricky, moving forward exploit, user and root is all about reading the code and using the holes found with in the code.

    PM me for a nudge.

    RaNa

  • w0000t finally:

    [email protected]:~# id;hostname
    uid=0(root) gid=0(root) groups=0(root)
    obscure
    

    HUGE thanks to @Locutus ! <3 Feel free to PM for hints.

  • edited January 17

    Im strugling with user. I have found a py scrypt that does some encryption and decryption. I have added a crack function to the script, but the key I get is only in the extended ascii table and looks very wrong to me. Can someone help me and maybe take a look at my crack function?

    edit: A hit from Enpassant helped me out.
    edit2: Got user and root. User was the hardest part for me, but I learned something about ascii and encoding :)

  • edited January 17

    can someone pm me a nudge on the initial foothold... have tried gobuster dirb dirbuster fuff wfuzz burp......

    • ignore, i found it
  • Oh man finally rooted...!!!
    This box was really good...
    Initial foothold: Try making a bash script for wget-ing the file
    User: This is a little tricky but the solution is really very easy
    Root: Straight forward.. read the script and then create your own script

    DM me for nudges... :)

  • i'm having problems with the py.... can anyone help me in here? thanks in advance

  • Any chance someone can PM for assistance with the "e**c' function in the first .py? I am obviously not understanding it and could use some guidance.

  • Can someone give me a nudge, I found a way to inject something but I don't know how to get shell.
  • @Inss said:

    Can someone give me a nudge, I found a way to inject something but I don't know how to get shell.

    It depends on how you have found a way to inject something but, you could look at creating a reverse shell using the language of the application you are injecting into.

  • edited January 19

    Type your comment> @TazWake said:

    @Inss said:

    Can someone give me a nudge, I found a way to inject something but I don't know how to get shell.

    It depends on how you have found a way to inject something but, you could look at creating a reverse shell using the language of the application you are injecting into.

    I got it, thanks for reply tho :D

  • Hi, I managed to get root's password, but I can't login as root via SSH.

    It tells me i got the wrong password :/

  • I have managed to find the vulnerable function in the S**.py file, but I am having a hard time figuring how how to get the program to handle the request the way I want it to. Any nudge would be greatly appreciated.

    any help will be rewarded with some Aretha Franklin gems.

  • edited January 20

    Hello, can somebody help me with "url formated path" in Burp, please ?

    Edit: thanks @IamKsNoob for getting me help.

Sign In to comment.