Fatty

Spoiler Removed

Well, if I'm already able to access the console, there should be people close to claiming user :stuck_out_tongue:

Spoiler Removed

Well. 50pts for a reason.

Update: “Wonky” would describe this client pretty well, I think.

Update #2: TIL how to decompile a jar file… Is it a rabbit hole to think we need to alter this (if possible or is signing an issue?) to work around some things? Still don’t see how commands/messages are formatted/encoded/etc to or from server. Curious to see that.

So far this box seems really good. Congrats to @jkr on root!

Edit: Feels very close to user. I’m missing something…

I haven’t got user yet, but I’m enjoying this VERY MUCH so far.

Update: got user now :slight_smile: awesome box

I am enjoying it too. I got completely sucked into it yesterday after having thought “Ugh. Java client.” No idea wtf I’m doing, but I’m having fun doing it.

I just got a shell and cannot read user.txt even though I can run other commands, what a trolling machine hehe

nvm got user.txt, on to root!

Edit: and rooted.

(Still at the foothold stage): Can one actually enable the debug output? I change the value to true and it re-compiles and runs, but I never see output from S-----.out.p------(). Seems like it would be useful. Cannot really change anything else without errors.

Update: Hrm. Even commenting out the “if” checks no output. Does something block or redirect “S-----.out.p------()” elsewhere?

Update#2: Apparently it helps to understand that re-compiling != saving back to jar. /eyeroll

Got user, root to go

Spent a few hours fixing the java client. Now I have it running but can’t figure out what to do next. Can anyone lend me some hints…

Got user! Fix the client, and get the server program. Audit the server code; you can see a typical Java vulnerability, just exploit it.
Road to root: can't figure out the next step, can anyone share some hints.

I think you're unable to do this box without Java Spring developer knowledge.

@rholas said:

I think you're unable to do this box without Java Spring developer knowledge.

I'm planning to take an advanced Java course on Udemy lol :wink:

Anyone having problems downloading the jar file?

@hackbarx said:

Got user! Fix the client, and get the server program. Audit the server code; you can see a typical Java vulnerability, just exploit it.
Road to root: can't figure out the next step, can anyone share some hints.

I have fixed the client. Do I need the admin role to get the server code?

Taken user. A really great box, forced me to leave my comfort zone but didn’t leave me guessing (except for a few minutes).

@clubby789 said:

Taken user. A really great box, forced me to leave my comfort zone but didn’t leave me guessing (except for a few minutes).

Completely agree. A lot of work (especially for my rusty Java skills), but so far, no CTF magic, just well-chained vulnerabilities. If root is as good as user or better, it will indeed be one awesome box.

Getting this error in the Java client: Caused by: java.lang.SecurityException: SHA-256 digest error for b…xml | I already changed the settings but can't seem to get it to work, any help is appreciated!

@red0nyx said:

Getting this error in the Java client: Caused by: java.lang.SecurityException: SHA-256 digest error for b…xml | I already changed the settings but can't seem to get it to work, any help is appreciated!

You need to update the jar file.
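The digest error quoted above is raised by the JAR verifier when an entry's bytes no longer match the SHA-256-Digest recorded for it in META-INF/MANIFEST.MF, which is what happens when a file is edited inside the jar without the manifest being regenerated. The following is an added Python example, not code from the thread or from the box, that performs that same per-entry check on a jar built in memory; the entry name app-config.xml and its contents are constructed placeholders, and the example does not reproduce the additional .SF/.RSA signature checks a fully signed jar also carries.

```python
import base64
import hashlib
import io
import zipfile


def parse_manifest(text):
    """Map each named manifest section to its SHA-256-Digest value.

    Sections are separated by blank lines; a line starting with a single
    space continues the previous line (the JAR spec's 72-byte line wrap).
    """
    text = text.replace("\r\n", "\n").replace("\n ", "")
    digests = {}
    for section in text.split("\n\n"):
        name = digest = None
        for line in section.splitlines():
            if line.startswith("Name: "):
                name = line[len("Name: "):]
            elif line.startswith("SHA-256-Digest: "):
                digest = line[len("SHA-256-Digest: "):]
        if name and digest:
            digests[name] = digest
    return digests


def verify_jar_digests(jar_bytes):
    """Return {entry_name: bool} for every entry the manifest records a digest for."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8")
        for name, expected in parse_manifest(manifest).items():
            actual = base64.b64encode(hashlib.sha256(zf.read(name)).digest()).decode()
            results[name] = (actual == expected)
    return results


def build_sample_jar(tamper=False):
    """Constructed sample jar: one XML entry plus a manifest digest computed
    for the original contents. With tamper=True the entry is rewritten after
    the manifest was produced, the state that triggers the digest error."""
    original = b"<config><client name='sample'/></config>\n"
    digest = base64.b64encode(hashlib.sha256(original).digest()).decode()
    manifest = "Manifest-Version: 1.0\n\n" + \
        f"Name: app-config.xml\nSHA-256-Digest: {digest}\n\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        modified = b"<config><client name='modified'/></config>\n"
        zf.writestr("app-config.xml", modified if tamper else original)
    return buf.getvalue()
```

Run verify_jar_digests over a jar before deploying or executing it; any False entry means the manifest and the entry disagree, exactly the condition the JVM refuses at load time.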