Can anyone give me a hint on the Python c****o, or on a smarter way of attacking it? I’m having issues with brute forcing it, possibly Python 2.7 vs 3 string processing when reading from files.
Got /se****-s****s/. but no files…
Stuck for almost 2 hr!
Can anyone show me the light?
Rooted, very nice box! PM for hints?
Really fun box - ended up using brute force on the c****o. Did anybody figure out the maths and solve it that way?
Edit: I think I figured out what I was doing wrong on the c**** part.
Rooted. This was my first hard box root, and it was a doozy. Thanks to @InfoSecJack and @chivato for creating this machine!
Giving hints here would kind of ruin what makes this box a challenging learning experience, so if you’d like a nudge, let me know what you’ve already tried and I can do my best to help out without spoiling the adventure too much.
Any nudge would be appreciated, I’m sure I’m overthinking something. I’m at bp moving from c to p**. I can PM with the details
Hi, which word list did you guys use to fuzz the XML file?
@c2m1 said:
Really fun box - ended up using brute force on the c****o. Did anybody figure out the maths and solve it that way?
I sorta did, if you want to PM I can explain
Nice box. A lot of effort to get from c->p
Whether intentional or not, I got the required pre-req for root prior to p
To me root was v simple then (9 minutes apparently, and some of that was reversing when I realised that one of the reasons I was in p was to submit the contents of a file).
Also having a real hard time with the c****o, could use a nudge. Tried a lot of python stuff, couldn’t figure it out mathematically, BF also seems insane without another piece of information…
One of the boxes that I turned out to like quite a lot.
Congratulations to the creators!
Hey, I tried to brute-force the key with rockyou.txt but so far got nothing. Am I going the right way?
Found login/sign_up page b*****.***********h.b . and also found a dir d under it, 403 forbidden error, but stuck on that… couldn’t move forward. Any help will be appreciated.
Can anyone provide any direction for using the binary for user1 → user2 ? Been looking at it in IDA but can’t really understand how it can be abused.
@buhaytza2005 , use ltrace to figure out what it’s doing. Give it what it wants with what you want hidden underneath
I haven’t (quite) gotten user yet, but I already love this box!
I have just (theoretically) broken the cipher, will code a cracker tomorrow.
To all: Don’t be intimidated by the cipher, it’s relatively easy to crack and really satisfying!
It’s all about writing the encryption method down in such a way that you can see the pattern. I’ve written it down in a mathematical notation, which took a little thinking, but then I almost immediately saw the pattern on how to crack it.
Great box so far! Thanks for this box and for the idea with the custom encryption @InfoSecJack and @chivato! Respect incoming!
Turns out I made a mistake. The cipher reveals something but I was unable to break it in the strictest sense. That being said it is weak to dict attacks.
Pay attention to the input though. There is a small detail that you need to take care of, otherwise decrypting won’t work.
Finally got root after a few days of working on it. What a trip, this box was fun start to finish. If you need a nudge PM on HTB not forum.
Need help,
I found LFI and got the c*****.php MySQL password of www-data and got a**.php, but I don’t know how to use that password…
Should I get more files from the server or enumerate further…
It is my first hard machine…
Thanks
Edit: rooted. Thanks for helping me, @zard and others, for the nudge PM.