• edited March 30

    It's been a really funny box so far, but it's a damn nightmare to get a shell that isn't clustered with unknown errors or that simply stops working. Is every box like this because it's sunday or is this one particularly overloaded or anything ? I'm pretty sure I'm on the right path to root but it's just impossible to do anything :(

    Edit : Finally rooted. I waited for the day after and it was fine, I could type some commands without having to wait two minutes to get the output ^^
    I enjoyed this box a lot, it really makes you think at what's happening and not blindly run tools. Foothold was a bit of a pain to get the correct syntax, user was really cool. Root was fun as well, even though the only way I could think of getting it was a really ugly one (there's no clue in that, I did use a really ugly method).

    Thanks @clubby789 !

  • @dragonista no not every box is like this. For root, its just a watch, grab and crack ..pretty disappointing


    foothold..well that was funny. I liked the beginning
    User hat from my point of view nothing to do with reality. It was more like a riddle..extremely ctf style and really frustrating :/

    Well, root was OK, at least not the typical gtfo bin usage ^^

    Tldr: a really messy box ^^

  • Well done @clubby789 thank you a lot, I have enjoyed your box .. keep good work.

    I wouldn't mind some +respect if I helped you ;)

  • Rooted.


  • manage to get user the old fashioned way....never managed to solve the crypto....I would really appreciate if someone could send me a PM to explain to me on how to solve it the crypto

  • edited March 31

    I am in the last step for root

    I asked my friend john and he gave me what i wanted. But when i use that, i am not getting into the place where i want to go.

    Am i doing anything wrong?

    Nvm, figured it out. :D :D

  • Rooted, PM me if y'all need a nudge or two

    If my hints help you out, remember to +respect me

  • Type your comment> @Krocko said:

    manage to get user the old fashioned way....never managed to solve the crypto....I would really appreciate if someone could send me a PM to explain to me on how to solve it the crypto

    Can you share de answer whit me too plz ?

  • Looking for a nudge on RCE. Can someone PM and I'll tell you how far I've gotten?

  • tried dirb, gobuster, dirbuster nothing seems to work, any hint?

  • Really fun and easy box if you love coding.
    You can PM me if y'all need a nudge


    CEH - OSCP

  • Working on reversing the encryption.

  • edited April 4

    wow, first box where I got root shell before I got the user flag. Might not be the intended way (skipped crypto) but oh well, rooted.

  • is burp needed after finding a py file?

  • Yesterday 3 hours ı couldn't not catch the root flag but I got it in half an hour today.
    I have to learn to look right..

  • Type your comment> @sau123 said:

    is burp needed after finding a py file?

    Nope! I'd recommend you to use a fuzzing tool like ffuf https://github.com/ffuf/ffuf

  • If you know python and a bit of linux its not too hard. Aside from that pretty cool box.
    Ps: Feel free to PM me if you're stuck.

  • Really enjoyed this box.. tests your code auditing/understanding and was able to flex some dev muscles. Root complete! PM for nuggets.

  • O M G
    I've been running on this thing for 3 days and finally rooted.
    The hardest part for me was the user and I ended up writing my own code for reversing (read here somewhere that this is not necessary but I'm not sure how).
    For root - I wrote some more bad to "steal" the output before it's gone, and then I used Mr. J to help. Really hope this was the intended way.

    Foothold - pay close attention to the notes left on the landing page. I didn't use dirb or anything of that sort.. it's pretty straight forward.

    User - well, I'll repeat someone above with a bit more context: you have f(x)*k = t you have t and f(x). Now you have to reverse the math...

    Root - You can do stuff when someone else's code is asleep

  • Also, regarding foothold and this box - it very much lives up to its name!!!!
    All this obscurity led me to chasing ghosts of LFI for hours. Took all that time to figure out is impossible with most file extensions.

    Another thingy - did anyone get a shell before the user? is that even possible? I tried for hours and gave up.

  • guys, im stuck at the beginning, I appreciate your help... how to enumerate this box? I tried gobuster, dirbuster and ffuf.. couldn't lead to anything ....

  • Rooted! This box got me to hacker rank :D
    While I really spend a loooong time on getting the inital foothold right (and, as I must confess, got annoyed by it more than once :sweat_smile: ), I thoroughly enjoyed the user part! Thanks to the creator @clubby789 and shoutout to @abhizer , @anak1n and especially @burntnoodle for helping me sort out my semicolons, double and single quotes ;)

  • Can somebody tell me what version of python (2 or 3) is used on the "0bscura" server ?


  • I started this box last night and it was driving me crazy, I knew what to look for (you should already know it by going through this thread and the website), but I couldn't find it, tried Dirbuster with all the wordlists with no success until it clicked. So, here is what I recommend:

    Initial foothold: use Dirbuster URL fuzz instead of Standard start point.


  • just rooted! my privesc was not the fanciest tho, I'd love to hear how others approached it :smile:

    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    [email protected]:~# 
  • edited April 11

    I'm new to python and need some help... I got the server code and want to test against it executing it in my box. I need some help to trace how the code gets executed. I try to run it from command line and it returns with no error nor answer, and does not stand as a server (executing in the background and listening on a tcp port) and no output!
    Seems like if the code just defines the classes but there is not a "main" function which launches and stays running! Someone to help creating this "main" function?

  • @101pipers you can do it that way or you can make it easier on yourself and launch interactive python as all you need to test locally are 3 lines of code already within the script.


  • Thanks @clubby789 :) I enjoyed the machine very much ^^

  • Hello, I'm having some problems with the SSS.py file.
    I actually understood that the vuln is in that ex** function however I'm not able to exploit it.

    Someone can give me a nudge?

  • Just rooted.

    It's indeed a great box to test your problem-solving skills.

    Initial foothold is as basic as typical enumerations, but getting to user and root is the whole point of this box.

    Feel free to PM me if you require any help on user and root.
    Happy to help :)
    Hack The Box

Sign In to comment.