Fatty

I’m getting lost from user to root, a nudge will be great thankful. T.T

I don’t like to give up on a machine but as this one is Java and I f@ckin hate Java (can’t even get an editor working) I will move on to something else and circle back to this one in another lifetime.

Type your comment> @sloth1985 said:

I don’t like to give up on a machine but as this one is Java and I f@ckin hate Java (can’t even get an editor working) I will move on to something else and circle back to this one in another lifetime.

Read the java code for the client and create your own Python solution if you dont like Java. That’s what I did :slight_smile:

EDIT: Successfully got my python client working and got User! What a fun challenge so far!

hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
I can run the file and it loads a username and password interface but all the menu options are greyed out ?

a nudge would be welcome

Type your comment> @idevilkz said:

hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
I can run the file and it loads a username and password interface but all the menu options are greyed out ?

a nudge would be welcome

Most likely that the user authenticated doesn’t have the correct role for the options to be enabled.

Type your comment> @sm4sh0ps said:

Type your comment> @idevilkz said:

hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
I can run the file and it loads a username and password interface but all the menu options are greyed out ?

a nudge would be welcome

Most likely that the user authenticated doesn’t have the correct role for the options to be enabled.

I am getting
nested exception is java.lang.SecurityException: SHA-256 digest error for beans.xml
most possibly when I am packing the jar back, its not liking it. I am using jar to pack it pack, suppose I have to use some other tool

Type your comment> @idevilkz said:

Type your comment> @sm4sh0ps said:

Type your comment> @idevilkz said:

hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
I can run the file and it loads a username and password interface but all the menu options are greyed out ?

a nudge would be welcome

Most likely that the user authenticated doesn’t have the correct role for the options to be enabled.

I am getting
nested exception is java.lang.SecurityException: SHA-256 digest error for beans.xml
most possibly when I am packing the jar back, its not liking it. I am using jar to pack it pack, suppose I have to use some other tool

That issue can be circumvented by removing certain files (there is a clue earlier in this thread). I had more success creating my own client using the existing sources. This gives you more control and flexibility when on the path to user.

Type your comment> @sm4sh0ps said:

Type your comment> @idevilkz said:

Type your comment> @sm4sh0ps said:

Type your comment> @idevilkz said:

hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
I can run the file and it loads a username and password interface but all the menu options are greyed out ?

a nudge would be welcome

Most likely that the user authenticated doesn’t have the correct role for the options to be enabled.

I am getting
nested exception is java.lang.SecurityException: SHA-256 digest error for beans.xml
most possibly when I am packing the jar back, its not liking it. I am using jar to pack it pack, suppose I have to use some other tool

That issue can be circumvented by removing certain files (there is a clue earlier in this thread). I had more success creating my own client using the existing sources. This gives you more control and flexibility when on the path to user.

thanks pal, i shall give it a bash.

Rooted! :smiley:

What a journey!!! My first Insane rooted box!
So frustrating initially, I left and came back after a while many times, I’ve been through the java part (thanks to @HomeSen for helping to configure the initial m****n project) and got user after a long journey of trial and errors…

The root part has been “blindly” difficult, initially! So thanks to @bobd91 and @blaudoom, your nudges got me on the right path. Persistence did the rest :wink:

nice box

Currently stuck on initial foothold. Was able to get to some interesting information but having trouble pulling it down. Can someone provide me with a nudge please? I can explain what I’ve done so far and what information I’m talking about.

Type your comment> @marlasthemage said:

Currently stuck on initial foothold. Was able to get to some interesting information but having trouble pulling it down. Can someone provide me with a nudge please? I can explain what I’ve done so far and what information I’m talking about.

DM

I’ll be honest, I was hoping that this box would get retired this week so I could finally see what I’m doing wrong but alas, I’ll have to keep trying.

I now have a working client in eclipse so I can edit it. I have the server source code and I think I know what I need to do but I am still missing ‘something’ but not sure what yet. I have an SQL injection that as far as I can see should work but it doesn’t.

If anyone wants to send a nudge my way, either here or DM, I’ll be most grateful

Type your comment> @sloth1985 said:

I’ll be honest, I was hoping that this box would get retired this week so I could finally see what I’m doing wrong but alas, I’ll have to keep trying.

I now have a working client in eclipse so I can edit it. I have the server source code and I think I know what I need to do but I am still missing ‘something’ but not sure what yet. I have an SQL injection that as far as I can see should work but it doesn’t.

If anyone wants to send a nudge my way, either here or DM, I’ll be most grateful

DM

Finally rooted this beast! I enjoyed the journey of the development of a python client, java source code analysis, and root… holy cow, what an interesting one.

Thanks @qtc!

Would really appreciate if someone is able to give a little hint on root @.@ i have a hunch on what to do to exploit s**, but after trying multiple attacks/existing vulnerabilities on the t** file type, it didnt pay off, am i missing something?

Edit: rooted, thanks @applepyguy @daemonzone @Ranaivmi, to which without you three, this box would’ve killed me, and thanks especially to you @applepyguy

To others, root hints, the file is constantly overwritten. That’s all i can give, if it’s spoiler, do remove. Thanks @qtc for the box!

If anyone has a sec, I think I’ve gone down a major rabbit hole and could do with a sanity check. I know exactly what I need to do but am very likely overthinking - I’m at the stage just before finally getting a foothold for user. Thanks.

Type your comment> @corpnobbs said:

If anyone has a sec, I think I’ve gone down a major rabbit hole and could do with a sanity check. I know exactly what I need to do but am very likely overthinking - I’m at the stage just before finally getting a foothold for user. Thanks.

DM

Finally got root.

Firstly I’d like to thank @Zard and @Kukrimate for their help with this box. I’d still be stuck with this one without their help.

There are a lot of words that can be used to describe this box and I’ve used most of them over the last few weeks but tough would be the one I’d use, real tough. So far out of my comfort zone I’ll have to use a map to get back there. I’m still no Java expert but I know a lot more now than I did before so I guess the box did what it should.

To anyone attempting this box, don’t give up. This box is like a production machine, no CTF stuff to worry about.

just got root and collapses in a heap. Wow - what a box that was. Very inventive and realistic. Took a fair bit of hand holding at the end there but it was worth the effort. Thanks to the box makers.