I just got a shell and cannot read user.txt despite I can run other commands, what a trolling machine hehe
nvm got user.txt, on to root!
Edit: and rooted.
I just got a shell and cannot read user.txt despite I can run other commands, what a trolling machine hehe
nvm got user.txt, on to root!
Edit: and rooted.
(Still on foothold stage): Can one actually enable the debug output? I change the value to true and it re-compiles and runs, but never see output from S-----.out.p------(). Seems like it would be useful. Cannot really change anything else without errors.
Update: Hrm. Even commenting out the “if” checks no output. Does something block or redirect “S-----.out.p------()” elsewhere?
Update#2: Apparently it helps to understand that re-compiling != saving back to jar. /eyeroll
Got user, root to go
Spent a few hours fixing the java client. Now I have it running but can’t figure out what to do next. Can anyone lend me some hints…
Got user! Fix the client, and get the server program. Audit code of server, you can see typical vulnerability in java, just exploit it.
Road to root, can’t figure next step, can anyone share some bints.
I think unable to do this box without java spring developer knowledge.
Type your comment> @rholas said:
I think unable to do this box without java spring developer knowledge.
I’m planning to take advanced Java course in Udemy lol
anyone have problems with downloading the jar file?
Type your comment> @hackbarx said:
Got user! Fix the client, and get the server program. Audit code of server, you can see typical vulnerability in java, just exploit it.
Road to root, can’t figure next step, can anyone share some bints.
I have fixed the client. Do i need admin role to get the server code?
Taken user. A really great box, forced me to leave my comfort zone but didn’t leave me guessing (except for a few minutes).
Type your comment> @clubby789 said:
Taken user. A really great box, forced me to leave my comfort zone but didn’t leave me guessing (except for a few minutes).
Completely agree. A lot of work (especially for my rusty java skills), but so far, no CTF magic, just well chained vulnerabilities. If root is as good as user or better , it will be indeed one awesome box.
Getting this error in Java client Caused by: java.lang.SecurityException: SHA-256 digest error for b…xml | already change the settings but don’t seem to get it to work any help is appreciated!
Type your comment> @red0nyx said:
Getting this error in Java client Caused by: java.lang.SecurityException: SHA-256 digest error for b…xml | already change the settings but don’t seem to get it to work any help is appreciated!
you need to update the jar file
Type your comment> @zard said:
Type your comment> @red0nyx said:
Getting this error in Java client Caused by: java.lang.SecurityException: SHA-256 digest error for b…xml | already change the settings but don’t seem to get it to work any help is appreciated!
you need to update the jar file
Thank you! I though emacs do it automatically
Found the credentials , updated b****.**l file with needed info , updated jar archive , but when i run it , i get the following error
Exception in thread “AWT-EventQueue-0” java.lang.NoClassDefFoundError: javax/xml/bind/DatatypeConverter
Has anyone encountered the same issue ?
Thanks in advance
Type your comment> @TheBandit said:
Found the credentials , updated b****.**l file with needed info , updated jar archive , but when i run it , i get the following error
Exception in thread “AWT-EventQueue-0” java.lang.NoClassDefFoundError: javax/xml/bind/DatatypeConverterHas anyone encountered the same issue ?
Thanks in advance
You need j***8
Type your comment> @onurshin said:
Type your comment> @TheBandit said:
Found the credentials , updated b****.**l file with needed info , updated jar archive , but when i run it , i get the following error
Exception in thread “AWT-EventQueue-0” java.lang.NoClassDefFoundError: javax/xml/bind/DatatypeConverterHas anyone encountered the same issue ?
Thanks in advance
You need j***8
Thanks
Spoiler Removed
Honestly a really excellent box. A great time, enjoyed battling against root for 3 days.
I get spring compile errors when trying to javac Conn*.ja** from the source directory. Any help is appreciated.