Fatty

Type your comment> @BingoBaer said:

I’m very much enjoying this box.

However, I’m frustrated with my approach of modifying the *.jar. Maybe someone here can guide me into another direction.

Currently I’m using Recaf to decompile and modify the bytecode. With this approach I’m obviously very inflexible in introducing larger changes. When I want to edit the java code directly in Recaf I have some issues for most files. It won’t compile then.

I also tried to somehow transfer it into eclipse and build it from there, but no luck so far.

I’m at the point where I found the one implementation problem to find f****y_s*****.jar, but would need some more code changes to download it.

Thank you!

I am this point as well,really need a nudge going forward from here.
Anybody willing to help out here please let me know.

I have some questions on the login validation. Please DM if willing to help out.

I’m getting lost from user to root, a nudge will be great thankful. T.T

I don’t like to give up on a machine but as this one is Java and I f@ckin hate Java (can’t even get an editor working) I will move on to something else and circle back to this one in another lifetime.

Type your comment> @sloth1985 said:

I don’t like to give up on a machine but as this one is Java and I f@ckin hate Java (can’t even get an editor working) I will move on to something else and circle back to this one in another lifetime.

Read the java code for the client and create your own Python solution if you dont like Java. That’s what I did :slight_smile:

EDIT: Successfully got my python client working and got User! What a fun challenge so far!

hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
I can run the file and it loads a username and password interface but all the menu options are greyed out ?

a nudge would be welcome

Type your comment> @idevilkz said:

hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
I can run the file and it loads a username and password interface but all the menu options are greyed out ?

a nudge would be welcome

Most likely that the user authenticated doesn’t have the correct role for the options to be enabled.

Type your comment> @sm4sh0ps said:

Type your comment> @idevilkz said:

hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
I can run the file and it loads a username and password interface but all the menu options are greyed out ?

a nudge would be welcome

Most likely that the user authenticated doesn’t have the correct role for the options to be enabled.

I am getting
nested exception is java.lang.SecurityException: SHA-256 digest error for beans.xml
most possibly when I am packing the jar back, its not liking it. I am using jar to pack it pack, suppose I have to use some other tool

Type your comment> @idevilkz said:

Type your comment> @sm4sh0ps said:

Type your comment> @idevilkz said:

hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
I can run the file and it loads a username and password interface but all the menu options are greyed out ?

a nudge would be welcome

Most likely that the user authenticated doesn’t have the correct role for the options to be enabled.

I am getting
nested exception is java.lang.SecurityException: SHA-256 digest error for beans.xml
most possibly when I am packing the jar back, its not liking it. I am using jar to pack it pack, suppose I have to use some other tool

That issue can be circumvented by removing certain files (there is a clue earlier in this thread). I had more success creating my own client using the existing sources. This gives you more control and flexibility when on the path to user.

Type your comment> @sm4sh0ps said:

Type your comment> @idevilkz said:

Type your comment> @sm4sh0ps said:

Type your comment> @idevilkz said:

hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
I can run the file and it loads a username and password interface but all the menu options are greyed out ?

a nudge would be welcome

Most likely that the user authenticated doesn’t have the correct role for the options to be enabled.

I am getting
nested exception is java.lang.SecurityException: SHA-256 digest error for beans.xml
most possibly when I am packing the jar back, its not liking it. I am using jar to pack it pack, suppose I have to use some other tool

That issue can be circumvented by removing certain files (there is a clue earlier in this thread). I had more success creating my own client using the existing sources. This gives you more control and flexibility when on the path to user.

thanks pal, i shall give it a bash.

Rooted! :smiley:

What a journey!!! My first Insane rooted box!
So frustrating initially, I left and came back after a while many times, I’ve been through the java part (thanks to @HomeSen for helping to configure the initial m****n project) and got user after a long journey of trial and errors…

The root part has been “blindly” difficult, initially! So thanks to @bobd91 and @blaudoom, your nudges got me on the right path. Persistence did the rest :wink:

nice box

Currently stuck on initial foothold. Was able to get to some interesting information but having trouble pulling it down. Can someone provide me with a nudge please? I can explain what I’ve done so far and what information I’m talking about.

Type your comment> @marlasthemage said:

Currently stuck on initial foothold. Was able to get to some interesting information but having trouble pulling it down. Can someone provide me with a nudge please? I can explain what I’ve done so far and what information I’m talking about.

DM

I’ll be honest, I was hoping that this box would get retired this week so I could finally see what I’m doing wrong but alas, I’ll have to keep trying.

I now have a working client in eclipse so I can edit it. I have the server source code and I think I know what I need to do but I am still missing ‘something’ but not sure what yet. I have an SQL injection that as far as I can see should work but it doesn’t.

If anyone wants to send a nudge my way, either here or DM, I’ll be most grateful

Type your comment> @sloth1985 said:

I’ll be honest, I was hoping that this box would get retired this week so I could finally see what I’m doing wrong but alas, I’ll have to keep trying.

I now have a working client in eclipse so I can edit it. I have the server source code and I think I know what I need to do but I am still missing ‘something’ but not sure what yet. I have an SQL injection that as far as I can see should work but it doesn’t.

If anyone wants to send a nudge my way, either here or DM, I’ll be most grateful

DM

Finally rooted this beast! I enjoyed the journey of the development of a python client, java source code analysis, and root… holy cow, what an interesting one.

Thanks @qtc!

Would really appreciate if someone is able to give a little hint on root @.@ i have a hunch on what to do to exploit s**, but after trying multiple attacks/existing vulnerabilities on the t** file type, it didnt pay off, am i missing something?

Edit: rooted, thanks @applepyguy @daemonzone @Ranaivmi, to which without you three, this box would’ve killed me, and thanks especially to you @applepyguy

To others, root hints, the file is constantly overwritten. That’s all i can give, if it’s spoiler, do remove. Thanks @qtc for the box!

If anyone has a sec, I think I’ve gone down a major rabbit hole and could do with a sanity check. I know exactly what I need to do but am very likely overthinking - I’m at the stage just before finally getting a foothold for user. Thanks.

Type your comment> @corpnobbs said:

If anyone has a sec, I think I’ve gone down a major rabbit hole and could do with a sanity check. I know exactly what I need to do but am very likely overthinking - I’m at the stage just before finally getting a foothold for user. Thanks.

DM