Obscurity

Rooted! Root was easy:)

i dont understand the run it locally part, any help?

Nice little box. Learned a thing or two about the snake scripting. I do have one thing to say to the butchers who change the B**********H.py. May you suffer bitrot on all your backups and your hard disk heads crash.

For the rest of you, if you find that the B**********H.py has been changed by a script kiddie butcher wannabe you have to reset the box.

A hint for getting root. They say two hands halve the work. So do two connections.

wohoo

root@obscure:~# id;hostname
uid=0(root) gid=0(root) groups=0(root)
obscure

Initial foothold was a nightmare. I realized how to need to fuzz, but all “default” tools not worked fine for me… Then I found one in githab written in go.
User and Root was very interesting. Python debug tool will help

God i’m really struggling, this is my first box, I was able to find the SSS.py file, found the weak point in the python code and have been trying to get a shell for hours and hours, would someone be able to look at my injection and give me a nudge as to whether i’m going in the right direction? i’m trying to invoke command line execution with os.s***** and i’m not sure what i’m doing wrong :confused:

I found the file and found the function to exploit, also found some xss but can’t find a way to get the shell… Been stucked for hours, if anyone can help me on that dm me please!
Thanks!

Rooted,
Initial foothold ( fuzz ) was bit tricky, moving forward exploit, user and root is all about reading the code and using the holes found with in the code.

PM me for a nudge.

w0000t finally:

root@obscure:~# id;hostname
uid=0(root) gid=0(root) groups=0(root)
obscure

HUGE thanks to @Locutus ! <3 Feel free to PM for hints.

Im strugling with user. I have found a py scrypt that does some encryption and decryption. I have added a crack function to the script, but the key I get is only in the extended ascii table and looks very wrong to me. Can someone help me and maybe take a look at my crack function?

edit: A hit from Enpassant helped me out.
edit2: Got user and root. User was the hardest part for me, but I learned something about ascii and encoding :slight_smile:

can someone pm me a nudge on the initial foothold… have tried gobuster dirb dirbuster fuff wfuzz burp…

  • ignore, i found it

Oh man finally rooted…!!!
This box was really good…
Initial foothold: Try making a bash script for wget-ing the file
User: This is a little tricky but the solution is really very easy
Root: Straight forward… read the script and then create your own script

DM me for nudges… :slight_smile:

i’m having problems with the py… can anyone help me in here? thanks in advance

Any chance someone can PM for assistance with the "e**c’ function in the first .py? I am obviously not understanding it and could use some guidance.

Can someone give me a nudge, I found a way to inject something but I don’t know how to get shell.

@Inss said:

Can someone give me a nudge, I found a way to inject something but I don’t know how to get shell.

It depends on how you have found a way to inject something but, you could look at creating a reverse shell using the language of the application you are injecting into.

Type your comment> @TazWake said:

@Inss said:

Can someone give me a nudge, I found a way to inject something but I don’t know how to get shell.

It depends on how you have found a way to inject something but, you could look at creating a reverse shell using the language of the application you are injecting into.

I got it, thanks for reply tho :smiley:

Hi, I managed to get root’s password, but I can’t login as root via SSH.

It tells me i got the wrong password :confused:

I have managed to find the vulnerable function in the S**.py file, but I am having a hard time figuring how how to get the program to handle the request the way I want it to. Any nudge would be greatly appreciated.

any help will be rewarded with some Aretha Franklin gems.

Hello, can somebody help me with “url formated path” in Burp, please ?

Edit: thanks @IamKsNoob for getting me help.

Got root this… Thx @IamKsNoob for help!
Root was very easy, user is a little bit hard.
PM if your stuck, as usually