Fatty

I just got a shell and cannot read user.txt even though I can run other commands, what a trolling machine hehe

nvm got user.txt, on to root!

Edit: and rooted.

(Still on foothold stage): Can one actually enable the debug output? I change the value to true and it re-compiles and runs, but never see output from S-----.out.p------(). Seems like it would be useful. Cannot really change anything else without errors.

Update: Hrm. Even after commenting out the “if” checks, no output. Does something block or redirect “S-----.out.p------()” elsewhere?

Update#2: Apparently it helps to understand that re-compiling != saving back to jar. /eyeroll

Got user, root to go

Spent a few hours fixing the java client. Now I have it running but can’t figure out what to do next. Can anyone lend me some hints…

Got user! Fix the client, and get the server program. Audit code of server, you can see typical vulnerability in java, just exploit it.
Road to root, can’t figure out the next step, can anyone share some hints?

I think one is unable to do this box without Java Spring developer knowledge.

@rholas said:

I think one is unable to do this box without Java Spring developer knowledge.

I’m planning to take an advanced Java course on Udemy lol :wink:

anyone have problems with downloading the jar file?

@hackbarx said:

Got user! Fix the client, and get the server program. Audit code of server, you can see typical vulnerability in java, just exploit it.
Road to root, can’t figure out the next step, can anyone share some hints?

I have fixed the client. Do I need admin role to get the server code?

Taken user. A really great box, forced me to leave my comfort zone but didn’t leave me guessing (except for a few minutes).

@clubby789 said:

Taken user. A really great box, forced me to leave my comfort zone but didn’t leave me guessing (except for a few minutes).

Completely agree. A lot of work (especially for my rusty java skills), but so far, no CTF magic, just well chained vulnerabilities. If root is as good as user or better, it will indeed be one awesome box.

Getting this error in the Java client: Caused by: java.lang.SecurityException: SHA-256 digest error for b…xml | already changed the settings but don’t seem to get it to work, any help is appreciated!

@red0nyx said:

Getting this error in the Java client: Caused by: java.lang.SecurityException: SHA-256 digest error for b…xml | already changed the settings but don’t seem to get it to work, any help is appreciated!

you need to update the jar file

@zard said:

@red0nyx said:

Getting this error in the Java client: Caused by: java.lang.SecurityException: SHA-256 digest error for b…xml | already changed the settings but don’t seem to get it to work, any help is appreciated!

you need to update the jar file

Thank you! I thought emacs does it automatically

Found the credentials, updated b****.**l file with needed info, updated jar archive, but when I run it, I get the following error:
Exception in thread “AWT-EventQueue-0” java.lang.NoClassDefFoundError: javax/xml/bind/DatatypeConverter

Has anyone encountered the same issue?

Thanks in advance

@TheBandit said:

Found the credentials, updated b****.**l file with needed info, updated jar archive, but when I run it, I get the following error:
Exception in thread “AWT-EventQueue-0” java.lang.NoClassDefFoundError: javax/xml/bind/DatatypeConverter

Has anyone encountered the same issue?

Thanks in advance

You need j***8

@onurshin said:

@TheBandit said:

Found the credentials, updated b****.**l file with needed info, updated jar archive, but when I run it, I get the following error:
Exception in thread “AWT-EventQueue-0” java.lang.NoClassDefFoundError: javax/xml/bind/DatatypeConverter

Has anyone encountered the same issue?

Thanks in advance

You need j***8

Thanks

Spoiler Removed

Honestly a really excellent box. A great time, enjoyed battling against root for 3 days.

  • Foothold: Try and break what you have. Almost everything is checked
  • User: Read what you have, a word will stand out if you’ve been doing this for a while
  • Root: Watch carefully, and join the dots. Don’t stare at one part too hard

I get spring compile errors when trying to javac Conn*.ja** from the source directory. Any help is appreciated.