Obscurity

Okay, I wrote a script on my local machine that does basically the same as B*******H.py, writes to a new file and removes it. I was able to catch the output of that, but when running the command on the box to catch it I get nothing… what am I doing wrong? With everyone saying how easy this root was, I’m starting to feel stupid now as I’ve been stuck for 2 days…lol

Welcome to the club :slight_smile: Maybe you are not doing the right answers. What is the error you receive in the original py? What do you think is the reason for that? And what do you need to avoid the problem? I am not rooted but I have a lead. I am at the same point as you.

Such a nice machine, learned a lot.
It is really code review oriented.
For foothold :

  • Enumerate, what can you get with the info you have ?
  • You know what you want but you don’t know where it is.

For User :

  • Read what you get

For root :

  • Read again
  • Two solutions are possible (intended or not ?)

Rooted! :love:

Overall very nice machine, special thanks to @mariuszskon for helping me out with user.

User: don’t over complicate it, think in terms of x,y,z - the three variables you have and use simple algebra to deduce the key.

Root: Read the code carefully and make sure you check your privs beforehand. Do whatever needs to be done manually if you had to :wink: Writing a script would help you catch the fast in-out rat. (wink)

Dm me on discord for nudges.

Root password was funny :love:

I really enjoyed this one. Everything is “custom” so you have to read and understand the code. For root there is an easy and a “harder” way. Feel free to pm me for hints.

Just rooted after a lot of effort and help from @n00py and @Merlin01000101

Thank you both for the help and the patience. This box made me realize I have a lot to learn and a mindshift to do when working with code.

Finally got user thanks to very kind help from @Darvidor and @kalitkd. I wrote my own “crack” method for the crypto which only got me about 95% of the way there. The algebra approach was better. Then once I got that working, turns out I don’t understand some very basic linux commands. On to root. I have a lot to learn lol.

I am having a heck of a time with the crypto. Please PM if you can help.

Thanks!

I feel like this box is really difficult to work on - not because of the challenge of finding the user and root flags, that part is awesome, but because it keeps resetting. I feel like I log in, import a more stable python shell, and then maybe have 5 seconds to execute a command before it freezes, sleeps for 30sec, and so on. Is everyone else experiencing this?

Yes me. Restart your pc or vm and then it will work again. It’s because of openvpn I think.

@Darvidor said:

Specially the part to access the shell.

Stuck on this for days. I know the vulnerable part of sss.py but can’t find a way to reverse it…

I’ve been stuck for days in SSS.py, I can’t find a way to escape the vulnerable function :frowning:
Can anyone help me?

OK I’m pretty stuck on user. I’ve used two different methods to get the key, got the same result both times and it works with c****.t**/o**.t**. However, when I try to use that key to crack the pass, I get a password that doesn’t work on s** and BS**.py gives me an error related to e**/s when I try it there. Can someone give me a nudge?

EDIT: I figured it out… sort of. I was running the scripts with an outdated version of the language. Once I switched to the same version that’s on the box, I got a different result that looks correct, but is still getting rejected from s** and B***S.py.

@D3KAL3 said:

Stuck on this for days. I know the vulnerable part of sss.py but can’t find a way to reverse it…

I sent you PM

Yeah !! Rooted !
That was a fun box, not too difficult in my opinion. The hard part was to find the first file.

Initial foothold : FUZZ with the information you found on the webpage.
User : Read the code, understand it and you’ll be ok. I didn’t use the B*****S**.** other than to understand the algorithm.
Root : Read the code, understand it and… well, be quick ?

I think I didn’t get root the intended way. Is there anyone that wants to discuss the intended way ? Please, PM me.

@134k said:

Yes me. Restart your pc or vm and then it will work again. It’s because of openvpn I think.

■■■ - I took your suggestion, restarted, and now things are SO MUCH better. FML I thought the constant restarting was part of the challenge. THANKS!

Edit: Got root. Feeling great right now. Thanks for a box that def put me out of my comfort zone.

My root hint: Gotta figure out a way to cast a net and capture a fast moving fish.

Finally Rooted.
I hate this machine. I suffered a bit with it. I also love it because I learned a few interesting things to add to my bag.
Thanks to all for nudges, suggestions.
The hardest part was getting the shell for me. It was something new.
User was not easy. It is a matter of reading the code.
Admin was a bit difficult to catch something on the fly. My lack of linux knowledge pointed me to try things that don’t work. But once you realize (thanks to advice) how, it is not very complicated.
@clubby789 I dream with Obscurity I swear it ! :smile:

I got initial shell, how to get to the user? I already found some file in tmp dir. Some hints pls

@n00py said:
rooted this one.

Was a nice one, not so easy for me. Lost myself in fiddling a py script to get user credentials, but finally got it.

Every hint was already given in this forum but one little extra might help someone: read the format for the arguments of a script very carefully! One might be a file input while the other requires plaintext. Result might be messed up if not done right.

Root solved with a little bash script. Was the easier part for me.

If you need a little nudge feel free to send PM

Thank you for the file input nudge, that was staring me in the face the whole time.

Lol every single line in the .py file is gibberish to me… how do you actually learn python like that and not the silly print hello world tutorials… Anybody got a source that can help with what’s going on in this script or what I’m even supposed to do with it or the info in it… Hate when python experts are like this box is so easy blah blah