Obscurity

I got some weird problems on user:/
I got the shell and found interesting stuff on the machine. I reversed the code to get the key. My code works fine on a small test example and I get the correct key there.
But when using the files found on the machine, neither my console nor vim can display the key correctly (mainly blank space output).
I downloaded the files, so there shouldn’t be any display errors.

@FunkyMcBeef said:

I got some weird problems on user:/
I got the shell and found interesting stuff on the machine. I reversed the code to get the key. My code works fine on a small test example and I get the correct key there.
But when using the files found on the machine, neither my console nor vim can display the key correctly (mainly blank space output).
I downloaded the files, so there shouldn’t be any display errors.

I didn’t have the same problems as you appear to be having, and I am working from memory here - but ISTR that the Python script worked all by itself, just reverse the order and remember to cat the thing you need and decrypt.

(I only discovered that after trying to brute force it tbh)

@TazWake said:

@FunkyMcBeef said:

I got some weird problems on user:/
I got the shell and found interesting stuff on the machine. I reversed the code to get the key. My code works fine on a small test example and I get the correct key there.
But when using the files found on the machine, neither my console nor vim can display the key correctly (mainly blank space output).
I downloaded the files, so there shouldn’t be any display errors.

I didn’t have the same problems as you appear to be having, and I am working from memory here - but ISTR that the Python script worked all by itself, just reverse the order and remember to cat the thing you need and decrypt.

(I only discovered that after trying to brute force it tbh)

I don’t even have to write any code :D Understood that now. Thx

@FunkyMcBeef said:

I don’t even have to write any code :D Understood that now. Thx

I think you’ve got it now, but if you are still stuck PM me over the weekend and I should be able to get access to my notes.

Rooted … fun box, good learning experience, thanks @MrG1337 & sholomotion4yah for your nudges :smile: My advice, if you’re stuck, just peruse through the posts, they have all the hints you need and more… good luck lot

A clever one! Wrecked my head with simple and smart tricks. Kudos @clubby789!

Foothold: you know what you’re looking for, use that!
User: you can simulate locally if you want but you’ll be able to construct something usable without that once you get to that function that’s gonna allow you the RCE. Use the language. Once you get the RCE, read the decrypt code, it’ll show you how it’s done. Careful with the encoding.
Root: can be tricky as well, better get what you’re after in one go.

Also my 2 cents about the discussion around how ‘easy’ a box is. As others pointed out, it depends on each and every one of us and it’s not helpful. I certainly haven’t found it easy doing it, I found it smart/original tho, but that can be subjective as well. So I suggest people stick to a template (foothold:… user[.]:… root:…) while adding objective metrics/comment as much as possible.

If someone can give me a little help I will be thankful, you can PM me

@kalitkd said:

If someone can give me a little help I will be thankful, you can PM me

You need something other than the normal dirb/gobuster/padbuster etc.

@TazWake said:

@kalitkd said:

(Quote)
You need something other than the normal dirb/gobuster/padbuster etc.

No, it is not about that

@kalitkd said:

No, it is not about that

Cool, but that was a little help…

rooted, very fun box

my hints:

foothold: examine the source carefully :wink: debugging locally is helpful
user: again examine source carefully, just write something to reverse it
root: as ppl have said before, you won’t be quick enough doing it manually

feel free to PM for nudges

@TazWake said:

@asteer1 said:

can anyone tell me if “a*******ov” is the right key for the decrypting part?
I am going to be insane after this one

It might be that my memory is broken here but I don’t recall anything which looked like that. The only things I decrypted with a key used a file.

(again, might have memory lapse here though)

it actually was right but still missing something, got root now

Can someone give me a nudge?

I have found SSS.py in the secret directory but I’m not sure how to inject my own commands into ex**. Can someone PM me? I am able to show what I have tried so far. Respect up for grabs.

Thanks.

would really appreciate some guidance here! I managed to get a shell testing the sss.py locally but have no luck throwing it at the server? any tips here please?

I manually found the .py after using a specific well known attack involving dots and slashes using burp. I copied the code and made a local file, but I can’t get it to run, that is, it exits without response. Doesn’t throw errors either. It seems like people here are saying that’s a good way for the next step but I don’t have a clue on how to do that. Are there any sites that tell you how to use a file as a webserver I can go read? I don’t want spoilers, but I’m stuck. I’d like to know if the folder the file was in is necessary for the next step, as I got it manually and don’t know the folder name. I’m also sure I can do what’s necessary with burp, but when I try to escape I don’t get a response from the server (sometimes I get a bad request response though, so that’s the wrong angle).

@SgtKrunch said:

I have the .py file as well, but not super familiar with python. I see where I might be able to inject code, but I don’t know how to go about it. Any help would be appreciated.

I am at this point. It’s my first time I’m required to do something like this. Researching for the moment, and I want to analyze the py.

@Darvidor said:

@SgtKrunch said:

I have the .py file as well, but not super familiar with python. I see where I might be able to inject code, but I don’t know how to go about it. Any help would be appreciated.

I am at this point. It’s my first time I’m required to do something like this. Researching for the moment, and I want to analyze the py.

I PM’d you, let me know if the info I gave you helps.

Can someone help with the foothold? I’m stuck and out of ideas.

PM with hints please

Hey, can anyone give me a nudge on the sss.py? Am I supposed to be doing percent encoding of a payload? And how am I supposed to test this locally? I see different classes and functions, but nothing calling them? How can I invoke to test? Please excuse my ignorance, I’m a n00b when it comes to Python lol

Edit: okay, I figured out how to test locally, and assuming I’m heading the right direction, can anyone help me with escaping’ ? I’ve been trying every way I could find for hours with no luck :confused:

Rooted. It was quite a struggle for me. Mostly due to wrong syntax. Thx for all the hints. Learned a lot :)