Fatty


Comments

  • Fun fact about the box is that I was learning IPTABLES and used that to connect through the application without any source code modification. But even after logging into the client app I am lost. Any nudges would be awesome?

  • @offsecin said:

    Fun fact about the box is that I was learning IPTABLES and used that to connect through the application without any source code modification. But even after logging into the client app I am lost. Any nudges would be awesome?

    yeah, me too, used ssh to switch ports ;-)
    But it didn't save me from code modification at a later stage...

  • @daemonzone
    I got to know what I have to do, just trying to replicate that.

  • This might have been the most fun I have had with a box. I do not work in infosec, but as a Java developer, so it was fun utilizing my skills here.

    User: You don't always have to break stuff, stuff can be built from blocks.

    Root: Ever tried to check which java version you have with which java, those are some arrows to follow. Applies to other than java too.

    thx @qtc

    Blaudoom
    Discord: Blaudoom#1254

  • edited April 2020

    I'm very much enjoying this box.

    However, I'm frustrated with my approach of modifying the *.jar. Maybe someone here can guide me into another direction.

    Currently I'm using Recaf to decompile and modify the bytecode. With this approach I'm obviously very inflexible in introducing larger changes. When I want to edit the java code directly in Recaf I have some issues for most files. It won't compile then.

    I also tried to somehow transfer it into eclipse and build it from there, but no luck so far.

    I'm at the point where I found the one implementation problem to find f****y_s*****.jar, but would need some more code changes to download it.

    Thank you!

  • I was able to use J*-G** to open the file, then save all the sources out to a zipfile, open the zip, make mods, remove all things associated with checksums, re-archive as a zipfile/jar, and use java -jar newzip.jar

    Maybe that will help you @BingoBaer ?

  • @BingoBaer said:

    I'm very much enjoying this box.

    However, I'm frustrated with my approach of modifying the *.jar. Maybe someone here can guide me into another direction.

    Currently I'm using Recaf to decompile and modify the bytecode. With this approach I'm obviously very inflexible in introducing larger changes. When I want to edit the java code directly in Recaf I have some issues for most files. It won't compile then.

    I also tried to somehow transfer it into eclipse and build it from there, but no luck so far.

    I'm at the point where I found the one implementation problem to find f****y_s*****.jar, but would need some more code changes to download it.

    Thank you!

    Look at the JAR file for what it was built with. Decompile the whole source and use the same "packager" for rebuilding ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • edited April 2020

    Thanks @applepyguy and @HomeSen !
    I was able to get it working with your help :)
    I'm not a Java dev, so I have not used that "packager" before.

    Let's start the real hacking now.

  • @BingoBaer said:
    > I'm very much enjoying this box.
    >
    > However, I'm frustrated with my approach of modifying the *.jar. Maybe someone here can guide me into another direction.
    >
    > Currently I'm using Recaf to decompile and modify the bytecode. With this approach I'm obviously very inflexible in introducing larger changes. When I want to edit the java code directly in Recaf I have some issues for most files. It won't compile then.
    >
    > I also tried to somehow transfer it into eclipse and build it from there, but no luck so far.
    >
    > I'm at the point where I found the one implementation problem to find f****y_s*****.jar, but would need some more code changes to download it.
    >
    > Thank you!

    I am at this point as well, really need a nudge going forward from here.
    Anybody willing to help out here please let me know.

  • I have some questions on the login validation. Please DM if willing to help out.

  • I'm getting lost from user to root, a nudge will be great thankful. T.T

  • I don't like to give up on a machine but as this one is Java and I [email protected] hate Java (can't even get an editor working) I will move on to something else and circle back to this one in another lifetime.

  • edited May 2020

    @sloth1985 said:

    I don't like to give up on a machine but as this one is Java and I [email protected] hate Java (can't even get an editor working) I will move on to something else and circle back to this one in another lifetime.

    Read the Java code for the client and create your own Python solution if you don't like Java. That's what I did :)

    EDIT: Successfully got my Python client working and got User! What a fun challenge so far!

  • Hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
    I can run the file and it loads a username and password interface but all the menu options are greyed out?

    a nudge would be welcome

  • @idevilkz said:

    Hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
    I can run the file and it loads a username and password interface but all the menu options are greyed out?

    a nudge would be welcome

    Most likely that the user authenticated doesn't have the correct role for the options to be enabled.


  • @sm4sh0ps said:

    @idevilkz said:

    Hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
    I can run the file and it loads a username and password interface but all the menu options are greyed out?

    a nudge would be welcome

    Most likely that the user authenticated doesn't have the correct role for the options to be enabled.

    I am getting
    nested exception is java.lang.SecurityException: SHA-256 digest error for beans.xml
    most possibly when I am packing the jar back, it's not liking it. I am using jar to pack it back, suppose I have to use some other tool

  • @idevilkz said:

    @sm4sh0ps said:

    @idevilkz said:

    Hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
    I can run the file and it loads a username and password interface but all the menu options are greyed out?

    a nudge would be welcome

    Most likely that the user authenticated doesn't have the correct role for the options to be enabled.

    I am getting
    nested exception is java.lang.SecurityException: SHA-256 digest error for beans.xml
    most possibly when I am packing the jar back, it's not liking it. I am using jar to pack it back, suppose I have to use some other tool

    That issue can be circumvented by removing certain files (there is a clue earlier in this thread). I had more success creating my own client using the existing sources. This gives you more control and flexibility when on the path to user.
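
Added example (not part of any post in this thread, and not code from the box or its author): why the JVM reports `SHA-256 digest error for beans.xml` after a repack. A signed JAR's `META-INF/MANIFEST.MF` records a digest per entry, and the sketch below re-implements only that comparison step over a constructed in-memory JAR; the file contents and helper names are assumptions.

```python
import base64, hashlib, io, zipfile

def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def make_manifest(entries):
    """Build a MANIFEST.MF with one per-entry digest section, as jarsigner records them."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, content in entries.items():
        lines += [f"Name: {name}", f"SHA-256-Digest: {b64_sha256(content)}", ""]
    return "\r\n".join(lines) + "\r\n"

def make_jar(entries, manifest):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        for name, content in entries.items():
            jar.writestr(name, content)
    return buf.getvalue()

def parse_manifest(text):
    """Return {entry name: base64 digest}; a line starting with a space continues the previous one."""
    text = text.replace("\r\n", "\n").replace("\n ", "")
    digests = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs and "SHA-256-Digest" in attrs:
            digests[attrs["Name"]] = attrs["SHA-256-Digest"]
    return digests

def verify_jar(data):
    """Return the sorted names of entries that are missing or do not match the manifest."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
        for name, expected in parse_manifest(manifest).items():
            try:
                if b64_sha256(jar.read(name)) != expected:
                    bad.append(name)
            except KeyError:
                bad.append(name)
    return sorted(bad)

# Constructed sample contents; only the entry name beans.xml comes from the thread.
ORIGINAL = {"beans.xml": b"<beans><bean id='conn'/></beans>", "Main.class": b"\xca\xfe\xba\xbe"}
EDITED = dict(ORIGINAL, **{"beans.xml": b"<beans><bean id='conn2'/></beans>"})
MANIFEST = make_manifest(ORIGINAL)

if __name__ == "__main__":
    print(verify_jar(make_jar(ORIGINAL, MANIFEST)))
    print(verify_jar(make_jar(EDITED, MANIFEST)))
```

The JVM performs this comparison only for entries covered by a signed manifest, so client-side JAR signing detects accidental or unnoticed changes but cannot stand in for authorization checks on the server.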


  • @sm4sh0ps said:

    @idevilkz said:

    @sm4sh0ps said:

    @idevilkz said:

    Hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
    I can run the file and it loads a username and password interface but all the menu options are greyed out?

    a nudge would be welcome

    Most likely that the user authenticated doesn't have the correct role for the options to be enabled.

    I am getting
    nested exception is java.lang.SecurityException: SHA-256 digest error for beans.xml
    most possibly when I am packing the jar back, it's not liking it. I am using jar to pack it back, suppose I have to use some other tool

    That issue can be circumvented by removing certain files (there is a clue earlier in this thread). I had more success creating my own client using the existing sources. This gives you more control and flexibility when on the path to user.

    Thanks pal, I shall give it a bash.

  • Rooted! :smiley:

    What a journey!!! My first Insane rooted box!
    So frustrating initially, I left and came back after a while many times, I've been through the java part (thanks to @HomeSen for helping to configure the initial m****n project) and got user after a long journey of trial and errors...

    The root part has been "blindly" difficult, initially! So thanks to @bobd91 and @blaudoom, your nudges got me on the right path. Persistence did the rest ;-)

  • edited May 2020

    nice box

  • Currently stuck on initial foothold. Was able to get to some interesting information but having trouble pulling it down. Can someone provide me with a nudge please? I can explain what I've done so far and what information I'm talking about.

    marlasthemage

  • @marlasthemage said:

    Currently stuck on initial foothold. Was able to get to some interesting information but having trouble pulling it down. Can someone provide me with a nudge please? I can explain what I've done so far and what information I'm talking about.

    DM

  • I'll be honest, I was hoping that this box would get retired this week so I could finally see what I'm doing wrong but alas, I'll have to keep trying.

    I now have a working client in eclipse so I can edit it. I have the server source code and I think I know what I need to do but I am still missing 'something' but not sure what yet. I have an SQL injection that as far as I can see should work but it doesn't.

    If anyone wants to send a nudge my way, either here or DM, I'll be most grateful

  • @sloth1985 said:

    I'll be honest, I was hoping that this box would get retired this week so I could finally see what I'm doing wrong but alas, I'll have to keep trying.

    I now have a working client in eclipse so I can edit it. I have the server source code and I think I know what I need to do but I am still missing 'something' but not sure what yet. I have an SQL injection that as far as I can see should work but it doesn't.

    If anyone wants to send a nudge my way, either here or DM, I'll be most grateful

    DM

  • Finally rooted this beast! I enjoyed the journey of the development of a python client, java source code analysis, and root... holy cow, what an interesting one.

    Thanks @qtc!

  • edited May 2020

    Would really appreciate if someone is able to give a little hint on root @[email protected] I have a hunch on what to do to exploit s**, but after trying multiple attacks/existing vulnerabilities on the t** file type, it didn't pay off, am I missing something?

    Edit: rooted, thanks @applepyguy @daemonzone @Ranaivmi, to which without you three, this box would've killed me, and thanks especially to you @applepyguy

    To others, root hints, the file is constantly overwritten. That's all I can give, if it's spoiler, do remove. Thanks @qtc for the box!

  • If anyone has a sec, I think I've gone down a major rabbit hole and could do with a sanity check. I know exactly what I need to do but am very likely overthinking - I'm at the stage just before finally getting a foothold for user. Thanks.

    corpnobbs
    OSCP | OSWP | so much more to learn ...

  • @corpnobbs said:

    If anyone has a sec, I think I've gone down a major rabbit hole and could do with a sanity check. I know exactly what I need to do but am very likely overthinking - I'm at the stage just before finally getting a foothold for user. Thanks.

    DM

  • Finally got root.

    Firstly I'd like to thank @Zard and @Kukrimate for their help with this box. I'd still be stuck with this one without their help.

    There are a lot of words that can be used to describe this box and I've used most of them over the last few weeks but tough would be the one I'd use, real tough. So far out of my comfort zone I'll have to use a map to get back there. I'm still no Java expert but I know a lot more now than I did before so I guess the box did what it should.

    To anyone attempting this box, don't give up. This box is like a production machine, no CTF stuff to worry about.

  • just got root and collapses in a heap. Wow - what a box that was. Very inventive and realistic. Took a fair bit of hand holding at the end there but it was worth the effort. Thanks to the box makers.

    corpnobbs
    OSCP | OSWP | so much more to learn ...
