Obscurity

I really enjoyed this box!
I’m relatively new here (this is my second box)
and I learned allot

thanks! @clubby789

My tips:

foothold:
fuzz what you don’t know, once you get it. you will see the window.
replicate the process to see where the rocks you throw land.
once you know, it’s just a matter of syntax

user:
with everything I have at home what can i deduce about this?
it’s not hard math, really it’s more similar to deducing that if
3 + 2 = 5 then 5 - 3 must equal 2

root:
if you say the magic word the only way you know
something random is going to happen somewhere very specific
might want to throw a net rather then trying to catch it by hand.

Rooted. Nice box, like the theme. :joy:

To all out there: pls don’t break the box. user → root does not require you to move or modify any files.

rooted ! pretty cool box. still new on htb but i am doing great. DM me for help. :slight_smile:

Rooted. Really cool box! PM me if you need help

Rooted cool box if you need hints pm me on discord icoNic#0097

Su’um ahrk morah. Brit grah.

ok something strange is happening to my shell, its scrolling error messages non stop…wtf anyone else having this issue

@lolotlse said:
Hi all
I dont understand but the shell was not stable
I obtain that
invalid syntax (, line 1)
EOL while scanning string literal (, line 1)
and cannot navigate normally did somebody could be help me if not have this.
thanks for your help

ok good im not the only one, and i thought it was my rig, but clearly its not…happy about that :slight_smile: but frustratingly annoying cant get anything done, could someone fix this issue tried reset didnt work

can anyone tell me if “a*******ov” is the right key for the decrypting part?
i am goig to be insane after this one

Just a small note to self on the user part, download files rather than copy/paste from terminal. It did the trick for me, but did cost me several hours of headscratching!!
My first attempt on doing python… really neat and fun. have you done some programming before and understand code principles and logic, this should be quite easy.

Rooted.

I kept reading that root was “easy” … WTF? There’s some serious skill in this forum that people are taking for granted.

Sure, it was easy compared to the dirty trick that I had to realize to get user and with the help of this forum and having all required skills before hand, but I still had to:

  • Read the language of snakes.
  • Write the ancient language of penguins.
  • Use a power word to ask the Dark God of penguins and androids to grant me his might.
  • Ask for the help of my good friend John after translating to separate things for him.

It took me the afternoon and I had the correct general idea of what I had to do before starting. What the ■■■■ do you guys consider “easy”??? I can believe that somebody did all this in 30 minutes without any help.

If you don’t have even one of the mentioned skills you are severely ■■■■.

Fun box to practice your reading skills a bit.

Bit of advise if you keep stumbling at the very beginning: understand your syntax for your commands. specifically understand the differences between -hs and -hc if you use a specific tool.
It might save you some time and frustration that all of us know when you find out you made a typo after hours of debugging :wink:

Type your comment> @asteer1 said:

can anyone tell me if “a*******ov” is the right key for the decrypting part?
i am goig to be insane after this one

It might be that my memory is broken here but I dont recall anything which looked like that. The only things I decrypted with a key used a file.

(again, might have memory lapse here though)

I got some weird problems on user:/
I got the shell and found interesting stuff on the machine. I reversed the Code to get the key. My Code works fine on a small test example and i get the correct key there.
But when using the files found on the machine neither my console nor vim can display the key correctly(mainly blank space output)
I downloaded the files, so there shouldnt be any display errors.

@FunkyMcBeef said:

I got some weird problems on user:/
I got the shell and found interesting stuff on the machine. I reversed the Code to get the key. My Code works fine on a small test example and i get the correct key there.
But when using the files found on the machine neither my console nor vim can display the key correctly(mainly blank space output)
I downloaded the files, so there shouldnt be any display errors.

I didn’t have the same problems as you appear to be having, and I am working from memory here - but ISTR that the python script worked all by itself, just reverse the order and remember to cat the thing you need and decrypt.

(I only discovered that after trying to brute force it tbh)

Type your comment> @TazWake said:

@FunkyMcBeef said:

I got some weird problems on user:/
I got the shell and found interesting stuff on the machine. I reversed the Code to get the key. My Code works fine on a small test example and i get the correct key there.
But when using the files found on the machine neither my console nor vim can display the key correctly(mainly blank space output)
I downloaded the files, so there shouldnt be any display errors.

I didn’t have the same problems as you appear to be having, and I am working from memory here - but ISTR that the python script worked all by itself, just reverse the order and remember to cat the thing you need and decrypt.

(I only discovered that after trying to brute force it tbh)

I don’t even have to write any code:D understood that now. Thx

@FunkyMcBeef said:

I don’t even have to write any code:D understood that now. Thx

I think you’ve got it now, but if you are still stuck PM me over the weekend and I should be able to get access to my notes.

Rooted …fun box, good learning experience thanks @MrG1337 & sholomotion4yah for your nudges :smile: My advice, if your stuck, just peruse through the posts they have all the hints you need and more… good luck lot

A clever one! Wrecked my head with simple and smart tricks. Kudos @clubby789!

Foothold: you know what you’re looking for, use that!
User: you can simulate locally if you want but you’ll be able to construct something usable without that once you get to that function that’s gonna allow you the RCE. Use the language. Once you get the RCE, read the decrypt code, it’ll show you how it’s done. Careful with the encoding.
Root: can be tricky as well, better get what you’re after in one go.

Also my 2cents about the discussion around how ‘easy’ a box is. As others pointed out, it depends on each and everyone of us and it’s not helpful. I certainly haven’t found it easy doing it, I found it smart/ original tho, but that can be subjective as well. So I suggest people stick to a template (foothold:… user[.]:… root:…) while adding objective metrics/ comment as much as possible.

if someone can give me a little help I ill be thankful, you can pm me