ForwardSlash

One of the boxes that it turned out to like quite a lot :slight_smile:
congratulations to the creators! :smile:

Hey i tried to bruteforce key with rockyou.txt but so far get nothing am i in right way?

found login/sign_up page b*****.***********h.b . and also found a dir d under it, 403 forbidden error, but stuck on that…couldn’t move forward. Any help wiil be appreciated

Can anyone provide any direction for using the binary for user1 → user2 ? Been looking at it in IDA but can’t really understand how it can be abused.

@buhaytza2005 , use ltrace to figure out what it’s doing. Give it what it wants with what you want hidden underneath

I haven’t (quite) gotten user yet, but I already love this box!

I have just (theoretically) broken the cipher, will code a cracker tomorrow.
To all: Don’t be intimidated by the cipher, it’s relatively easy to crack and really satisfying!
It’s all about writing the encryption method down in a such a way, that you can see the pattern. I’ve written it down in a mathematical notation, which took a little thinking, but then I almost immediately saw the pattern on how to crack it.

Great box so far! Thanks for this box and for the idea with the custom encryption @InfoSecJack and @chivato! Respect incoming!

Turns out I made a mistake. The cipher reveals something but I was unable to break it in the strictest sense. That being said it is weak to dict attacks.
Pay attention to the input though. There is a small detail that you need to take care of, otherwise decrypting won’t work.

Finally got root after a few days of working on it. What a trip, this box was fun start to finish. If you need a nudge PM on HTB not forum.

need help,

i found LFI and get get c*****.php mysql password of www-data and get a**.php but i don’t know how to use that password…

should i get more file from server or enumerate further…
it is my first hard machine…

thanks

edit: rooted :slight_smile: thanks for helping me @zard and others for nudge PM

Whoops. Turned out that pattern I saw in the crypto gave me some information but not (yet?) all. Will still do some work on this.

Any nudges about b***** crypto breaking?

Type your comment> @hasky said:

need help,

i found LFI and get get c*****.php mysql password of www-data and get a**.php but i don’t know how to use that password…

should i get more file from server or enumerate further…
it is my first hard machine…

thanks

you need to go deeper and find files/directories on the host you’re searching for.

Type your comment> @targodan said:

Whoops. Turned out that pattern I saw in the crypto gave me some information but not (yet?) all. Will still do some work on this.

i would say you have what you need:) its a weak cypher.

Finally rooted after a lot of struggle !!! Thanks @InfoSecJack & @chivato for giving such a great box ??

a lot of struggle for this one, my first difficult box, needed some help for c***o part, great box overall

Found LFI & XSS…But can’t get a way to shell…

@febinrev said:

Found LFI & XSS…But can’t get a way to shell…

Depends what you mean about getting a “shell” but LFI is very useful for getting access to the box in a secure shell.

Type your comment> @TazWake said:

@febinrev said:

Found LFI & XSS…But can’t get a way to shell…

Depends what you mean about getting a “shell” but LFI is very useful for getting access to the box in a secure shell.

yes, i mean i have no idea which file i have to read to obtain the creds…I think it may be co****.**p

@febinrev said:

yes, i mean i have no idea which file i have to read to obtain the creds…

The text document on the lower port tells you this.

Got root.
I love this box.
But decrypting part killed me as I’m not much on programming.
Thanks to the creators.

I am completely lost with that c***o stuff… i encrypt one letter with one letter, and log its hex value. That’s one thing.

If i dump that into a file and check it out with “od -x” the hex value of the same letter has become something different.