ForwardSlash

can anyone give me a hint on the python c****o either on a smarter way of attacking it, i’m having issue with brute forcing it, possibly python 2.7 vs 3 string processing reading from files

got /se****-s****s/. but no files…
stuck for almost 2 hr!
can anyone show me light?

Rooted, very nice box! PM for hints ?

Really fun box - ended up using brute force on the c****o. Did anybody figure out the maths and solve it that way?

edit** I think I figured out what I was doing wrong on the c**** part.

Rooted. This was my first hard box root, and it was a doozy. Thanks to @InfoSecJack and @chivato for creating this machine!

Giving hints here would kind of ruin what makes this box a challenging learning experience, so if you’d like a nudge, let me know what you’ve already tried and I can do my best to help out without spoiling the adventure too much.

Rooted. Big thanks for @EvilT0r13 and @sk4 for the nuggets.

Any nudge would be appreciated, I’m sure I’m overthinking something. I’m at bp moving from c to p**. I can PM with the details

Hi, which word list did u guys used to fuzz the xml file?

Type your comment> @c2m1 said:

Really fun box - ended up using brute force on the c****o. Did anybody figure out the maths and solve it that way?

I sorta did, if you want to PM I can explain

Nice box. A lot of effort to get from c->p
Whether intentional or not, I got the required pre-req for root prior to p
To me root was v simple then (9 minutes apparently, and some of that was reversing when I realised that one of the reasons I was in p was to submit the contents of a file).

Also having a real hard time with the c****o, could use a nudge. Tried a lot of python stuff, couldn’t figure it out mathematically, BF also seems insane without another piece of information…

One of the boxes that it turned out to like quite a lot :slight_smile:
congratulations to the creators! :smile:

Hey i tried to bruteforce key with rockyou.txt but so far get nothing am i in right way?

found login/sign_up page b*****.***********h.b . and also found a dir d under it, 403 forbidden error, but stuck on that…couldn’t move forward. Any help wiil be appreciated

Can anyone provide any direction for using the binary for user1 → user2 ? Been looking at it in IDA but can’t really understand how it can be abused.

@buhaytza2005 , use ltrace to figure out what it’s doing. Give it what it wants with what you want hidden underneath

I haven’t (quite) gotten user yet, but I already love this box!

I have just (theoretically) broken the cipher, will code a cracker tomorrow.
To all: Don’t be intimidated by the cipher, it’s relatively easy to crack and really satisfying!
It’s all about writing the encryption method down in a such a way, that you can see the pattern. I’ve written it down in a mathematical notation, which took a little thinking, but then I almost immediately saw the pattern on how to crack it.

Great box so far! Thanks for this box and for the idea with the custom encryption @InfoSecJack and @chivato! Respect incoming!

Turns out I made a mistake. The cipher reveals something but I was unable to break it in the strictest sense. That being said it is weak to dict attacks.
Pay attention to the input though. There is a small detail that you need to take care of, otherwise decrypting won’t work.

Finally got root after a few days of working on it. What a trip, this box was fun start to finish. If you need a nudge PM on HTB not forum.

need help,

i found LFI and get get c*****.php mysql password of www-data and get a**.php but i don’t know how to use that password…

should i get more file from server or enumerate further…
it is my first hard machine…

thanks

edit: rooted :slight_smile: thanks for helping me @zard and others for nudge PM