PlayerTwo

Could someone give me a little nudge in the right direction to get past the 2FA?

Iā€™m stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but Iā€™m not connecting the dots from the hints.

Type your comment> @0xRCE said:

Could someone give me a little nudge in the right direction to get past the 2FA?

Iā€™m stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but Iā€™m not connecting the dots from the hints.

Same spot. I was stuck here before I went away for a couple of weeks. Now Iā€™m back and I fuzzed the ā– ā– ā– ā–  out of it again to no avail.

@0xRCE said:
Could someone give me a little nudge in the right direction to get past the 2FA?

Iā€™m stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but Iā€™m not connecting the dots from the hints.

I guess, itā€™s a bad nudge, but seems very accurate to me.

Also keep in mind how you connect variables in programming languages when they consist of several words.

Type your comment> @v01t4ic said:

@0xRCE said:
Could someone give me a little nudge in the right direction to get past the 2FA?

Iā€™m stuck at "Missing p*********" in a**/t***. Fuzzing/guessing for the missing stuff and trying to guess the payload gave me nothing so far.
I see others were stuck also at this, but Iā€™m not connecting the dots from the hints.

https://youtu.be/Q48FtnmhbdI

I guess, itā€™s a bad nudge, but seems very accurate to me.

Also keep in mind how you connect variables in programming languages when they consist of several words.

Thanks @v01t4ic for the nudge, it figured it out! With this in mind, going back to my notes was enough to get the parameter I was missing.

So, even though my progress here is terrible ( I feel it could be years before I get user), I feel a bit better because this is clearly such a hard box that even Hackplayers donā€™t have a password protected write up on it yet :smile:

What a fun box, defiantly learned lots during root - at times it felt like playing a game of Towers of Hanoi :slight_smile: Also, user was another lesson in turning over every stone and looking underneath.

Thanks @MrR3boot & @b14ckh34rt for the box!

@job0 said:
What a fun box, defiantly learned lots during root - at times it felt like playing a game of Towers of Hanoi :slight_smile: Also, user was another lesson in turning over every stone and looking underneath.

Thanks @MrR3boot & @b14ckh34rt for the box!

Good Work :wink:

Banging my head for three days upgrading my shell to get some more privileges. Maybe someone could give a little nudge to upgrade privs.

Not sure if Iā€™m tuned in into the right ā€œinterestingā€ place mentioned in posts before, every once in a while I get some status updates saying everything is OK and nothing happened.
Trying to speak inside this interesting place gives me nothing, maybe I donā€™t know how to speak friend :wink:

BTW, @MrR3boot and @b14ckh34rt thanks for the box, itā€™s been a real fun ride so far

Iā€™m stuck with t**p I got {ā€œerrorā€:ā€œInvalid Sessionā€}

[*] Switching to interactive mode
# $ id
uid=1000(observer) gid=1000(observer) euid=0(root) groups=1000(observer)
# $ cd /root
# $ ls -l
total 12
-rwx------ 1 root root 819 Nov 10 14:27 broadcast.py
-rwx------ 1 root root 905 Sep 13 18:39 connection.py
-r-------- 1 root root  33 Sep  5 03:41 root.txt
# $ cat root.txt

i got the root. :smiley: it was very hard for me.but i learned a lot from this machine.
i have solved heap challenges before, but this one was new and hard.
thank you @MrR3boot @b14ckh34rt and @job0 @blink3r @v01t4ic for their helps

I just started with box, enable to find a valid directory so far any good list for reference.
Regards

Cant find the correct action for the mfa despite all the hints here. Have gone through various wordlists + different permutations on each but still no hits? Would appreciate a hint here.
edit: why is it always when i finally reach for help, I soon happen to magically realize the error myselfā€¦

Type your comment> @sanre said:

Cant find the correct action for the mfa despite all the hints here. Have gone through various wordlists + different permutations on each but still no hits? Would appreciate a hint here.
edit: why is it always when i finally reach for help, I soon happen to magically realize the error myselfā€¦

I would appericate your hint regarding directory enumeration.

Done! It was hard, really hard. The user is good but some guessing necessary (thanks @menessim). The root was fantastic but very hard and very fun for me. It was my first heap exploitation. I have read a lot write ups and try many methods before i got root with my own custom script)

Hello can somebody help me please? Iā€™m stuck at the firmware part. I have tried a few things but they doesnā€™t work.

EDIT : Got it. Donā€™t need help anymore.

I finally rooted Player2 after three weeks of hard work. What can I say? I wish every box would make me go back to school like this. I feel much stronger now. Thanks @MrR3boot. Thanks @b14ckh34rt.

Hey, I just started this box, but I had to say the the homepage is pretty effin funny. Protobs! we believe that bits never lie! Letā€™s poke each other! roflol, ok had to get that off my chest. Have a good one!

If anyone is feeling cryptic, Iā€™m fishing for a nudge toward user. Iā€™m on the box as the normal unprivileged account, and Iā€™ve managed to pull some clearly important data from the running service, but Iā€™m drawing a blank on what I can actually do with it. All the moving parts I can find regarding the process in the documentation seem to only apply to steps Iā€™ve already completed.

Nevermind, I only needed to embarrass myself publicly to immediately figure it out. Iā€™m in.

Hi @Eli - you mind if I ping you?

Got user, root is tough, wish had more time to work on it, great box really enjoyed it !
PM for nudges :wink: