Rooted. This was my first hard box root, and it was a doozy. Thanks to @InfoSecJack and @chivato for creating this machine!
Giving hints here would kind of ruin what makes this box a challenging learning experience, so if you’d like a nudge, let me know what you’ve already tried and I can do my best to help out without spoiling the adventure too much.
Nice box. A lot of effort to get from c->p
Whether intentional or not, I got the required pre-req for root prior to p
To me root was v simple then (9 minutes apparently, and some of that was reversing when I realised that one of the reasons I was in p was to submit the contents of a file).
Also having a real hard time with the c****o, could use a nudge. Tried a lot of python stuff, couldn’t figure it out mathematically, BF also seems insane without another piece of information…
found login/sign_up page b*****.***********h.b . and also found a dir d under it, 403 forbidden error, but stuck on that…couldn’t move forward. Any help wiil be appreciated
I haven’t (quite) gotten user yet, but I already love this box!
I have just (theoretically) broken the cipher, will code a cracker tomorrow. To all: Don’t be intimidated by the cipher, it’s relatively easy to crack and really satisfying! It’s all about writing the encryption method down in a such a way, that you can see the pattern. I’ve written it down in a mathematical notation, which took a little thinking, but then I almost immediately saw the pattern on how to crack it.
Great box so far! Thanks for this box and for the idea with the custom encryption @InfoSecJack and @chivato! Respect incoming!
Turns out I made a mistake. The cipher reveals something but I was unable to break it in the strictest sense. That being said it is weak to dict attacks.
Pay attention to the input though. There is a small detail that you need to take care of, otherwise decrypting won’t work.