ForwardSlash

Type your comment> @TazWake said:

@Drxxx said:

Yes, I did that with rockyou list but failed all pass as keys

Try a more brute force approach.

@0x41 said:
Type your comment> @TazWake said:

@Drxxx said:

Yes, I did that with rockyou list but failed all pass as keys

Try a more brute force approach.

bad idea. if rockyou dosen’t work for you, you’re doing something wrong.

Thank you both a lot … you’re awesome … Your both point of view is correct … I was able to get it by both ways … Thank you … Insane Machine … thanks for the creators @InfoSecJack & @chivato … I have learned really a lot in those 2 days, I wish the attached mp3 wasn’t empty;) … I’m so interested in know if that image has another path to the solution …

Final step I had found it exist … SO I have to undo what else leave behind and re-do the final step again … then clean my work …

can anyone give me a hint on the python c****o either on a smarter way of attacking it, i’m having issue with brute forcing it, possibly python 2.7 vs 3 string processing reading from files

got /se****-s****s/. but no files…
stuck for almost 2 hr!
can anyone show me light?

Rooted, very nice box! PM for hints ?

Really fun box - ended up using brute force on the c****o. Did anybody figure out the maths and solve it that way?

edit** I think I figured out what I was doing wrong on the c**** part.

Rooted. This was my first hard box root, and it was a doozy. Thanks to @InfoSecJack and @chivato for creating this machine!

Giving hints here would kind of ruin what makes this box a challenging learning experience, so if you’d like a nudge, let me know what you’ve already tried and I can do my best to help out without spoiling the adventure too much.

Rooted. Big thanks for @EvilT0r13 and @sk4 for the nuggets.

Any nudge would be appreciated, I’m sure I’m overthinking something. I’m at bp moving from c to p**. I can PM with the details

Hi, which word list did u guys used to fuzz the xml file?

Type your comment> @c2m1 said:

Really fun box - ended up using brute force on the c****o. Did anybody figure out the maths and solve it that way?

I sorta did, if you want to PM I can explain

Nice box. A lot of effort to get from c->p
Whether intentional or not, I got the required pre-req for root prior to p
To me root was v simple then (9 minutes apparently, and some of that was reversing when I realised that one of the reasons I was in p was to submit the contents of a file).

Also having a real hard time with the c****o, could use a nudge. Tried a lot of python stuff, couldn’t figure it out mathematically, BF also seems insane without another piece of information…

One of the boxes that it turned out to like quite a lot :slight_smile:
congratulations to the creators! :smile:

Hey i tried to bruteforce key with rockyou.txt but so far get nothing am i in right way?

found login/sign_up page b*****.***********h.b . and also found a dir d under it, 403 forbidden error, but stuck on that…couldn’t move forward. Any help wiil be appreciated

Can anyone provide any direction for using the binary for user1 → user2 ? Been looking at it in IDA but can’t really understand how it can be abused.

@buhaytza2005 , use ltrace to figure out what it’s doing. Give it what it wants with what you want hidden underneath

I haven’t (quite) gotten user yet, but I already love this box!

I have just (theoretically) broken the cipher, will code a cracker tomorrow.
To all: Don’t be intimidated by the cipher, it’s relatively easy to crack and really satisfying!
It’s all about writing the encryption method down in a such a way, that you can see the pattern. I’ve written it down in a mathematical notation, which took a little thinking, but then I almost immediately saw the pattern on how to crack it.

Great box so far! Thanks for this box and for the idea with the custom encryption @InfoSecJack and @chivato! Respect incoming!

Turns out I made a mistake. The cipher reveals something but I was unable to break it in the strictest sense. That being said it is weak to dict attacks.
Pay attention to the input though. There is a small detail that you need to take care of, otherwise decrypting won’t work.

Finally got root after a few days of working on it. What a trip, this box was fun start to finish. If you need a nudge PM on HTB not forum.