Fatty

@sm4sh0ps said:

@idevilkz said:

hi guys, wonder if someone can give me a nudge. I have got the .zip file and updated the .xml in it with right creds etc.
I can run the file and it loads a username and password interface but all the menu options are greyed out ?

a nudge would be welcome

Most likely that the user authenticated doesn’t have the correct role for the options to be enabled.

I am getting
nested exception is java.lang.SecurityException: SHA-256 digest error for beans.xml
most possibly when I am packing the jar back, it's not liking it. I am using jar to pack it back, suppose I have to use some other tool
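
Background on the `SHA-256 digest error` quoted above, as an added example that is not part of the original post: in a signed JAR, `META-INF/MANIFEST.MF` lists a `SHA-256-Digest` for each entry, and the JVM rejects any entry whose bytes no longer match. The sketch below recomputes those digests over a constructed in-memory jar; the file contents and the `build_jar` helper are assumptions made for illustration, and it checks only the manifest's per-entry digests, not the signature over the manifest.

```python
import base64
import hashlib
import io
import zipfile

def sha256_b64(data):
    """Digest in the form the manifest stores it: base64 of the raw SHA-256."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-entry sections."""
    # Manifest lines wrap at 72 bytes; a continuation line starts with one space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def check_digests(jar_bytes):
    """List entries that are missing or whose bytes differ from the manifest digest."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
        present = set(jar.namelist())
        for name, attrs in parse_manifest(manifest).items():
            want = attrs.get("SHA-256-Digest")
            if want is None:
                continue
            if name not in present or sha256_b64(jar.read(name)) != want:
                bad.append(name)
    return bad

def build_jar(files, manifest_from=None):
    """Hypothetical helper: build a sample jar whose manifest digests come from manifest_from."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in (manifest_from or files).items():
        lines += [f"Name: {name}", f"SHA-256-Digest: {sha256_b64(data)}", ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "\r\n".join(lines) + "\r\n")
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: an original jar, and the same jar with beans.xml edited
# but the old manifest kept, which is what repacking with a stale manifest produces.
ORIGINAL = {"beans.xml": b"<beans>original</beans>", "Main.class": b"\xca\xfe\xba\xbe"}
EDITED = dict(ORIGINAL, **{"beans.xml": b"<beans>edited</beans>"})

if __name__ == "__main__":
    print(check_digests(build_jar(ORIGINAL)))
    print(check_digests(build_jar(EDITED, manifest_from=ORIGINAL)))
```
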

That issue can be circumvented by removing certain files (there is a clue earlier in this thread). I had more success creating my own client using the existing sources. This gives you more control and flexibility when on the path to user.

thanks pal, i shall give it a bash.

Rooted! :smiley:

What a journey!!! My first Insane rooted box!
So frustrating initially, I left and came back after a while many times, I’ve been through the java part (thanks to @HomeSen for helping to configure the initial m****n project) and got user after a long journey of trial and errors…

The root part has been “blindly” difficult, initially! So thanks to @bobd91 and @blaudoom, your nudges got me on the right path. Persistence did the rest :wink:

nice box

Currently stuck on initial foothold. Was able to get to some interesting information but having trouble pulling it down. Can someone provide me with a nudge please? I can explain what I’ve done so far and what information I’m talking about.

DM

I’ll be honest, I was hoping that this box would get retired this week so I could finally see what I’m doing wrong but alas, I’ll have to keep trying.

I now have a working client in eclipse so I can edit it. I have the server source code and I think I know what I need to do but I am still missing ‘something’ but not sure what yet. I have an SQL injection that as far as I can see should work but it doesn’t.

If anyone wants to send a nudge my way, either here or DM, I’ll be most grateful

DM

Finally rooted this beast! I enjoyed the journey of the development of a python client, java source code analysis, and root… holy cow, what an interesting one.

Thanks @qtc!

Would really appreciate if someone is able to give a little hint on root @.@ I have a hunch on what to do to exploit s**, but after trying multiple attacks/existing vulnerabilities on the t** file type, it didn't pay off, am I missing something?

Edit: rooted, thanks @applepyguy @daemonzone @Ranaivmi, to which without you three, this box would’ve killed me, and thanks especially to you @applepyguy

To others, root hints, the file is constantly overwritten. That’s all I can give, if it’s a spoiler, do remove. Thanks @qtc for the box!

If anyone has a sec, I think I’ve gone down a major rabbit hole and could do with a sanity check. I know exactly what I need to do but am very likely overthinking - I’m at the stage just before finally getting a foothold for user. Thanks.

DM

Finally got root.

Firstly I’d like to thank @Zard and @Kukrimate for their help with this box. I’d still be stuck with this one without their help.

There are a lot of words that can be used to describe this box and I’ve used most of them over the last few weeks but tough would be the one I’d use, real tough. So far out of my comfort zone I’ll have to use a map to get back there. I’m still no Java expert but I know a lot more now than I did before so I guess the box did what it should.

To anyone attempting this box, don’t give up. This box is like a production machine, no CTF stuff to worry about.

just got root and collapses in a heap. Wow - what a box that was. Very inventive and realistic. Took a fair bit of hand holding at the end there but it was worth the effort. Thanks to the box makers.

FINALLY rooted. This box truly was insane. Thanks a ton to @zard, @corpnobbs, @sloth1985, and @daemonzone for the pushes.

I don’t consider this a spoiler, but if someone does feel free to report:
For those struggling with working with the initial client and don’t want to fuss with eclipse, JD-GUI can save the source code.

You can compile a single .java file with: javac -classpath <initial jar> <.java file>. Make sure you’re using the correct javac version…it’s separate from the java version so you’ll need to make sure both are the same.

You can recompile jars with jar cmf <manifest file> <new jar name> ./*

Working with eclipse was extremely frustrating for me, so that’s how I updated and recompiled things.

slow but steady here with some help.
I have sat back on this and gone and learned some basic Java so I know what is what.
found a JVM reverse engineering lab at tryhackme which definitely helped a little.

I am at that point that I have got the initial client working
I have also got the modified client working too and looking at a certain class file, I can see it is doing something to display something interesting however I must be doing something wrong for me to not be able to display information via my code (possibly my lack of java knowledge)

on that bombshell, can I ask for a little nudge please, obviously in a PM

Feel free to PM @idevilkz either here or on discord. Happy to help with working with the Java client on this, although I’m still struggling with that last nail in root.

…and rooted. Special thanks to @applepyguy for nudging me along and listening to lots of ideas that wouldn’t work!

Ended up spending too much time laser-focused on a particular strategy at the end that couldn’t work due to a hidden detail; I should have stepped back much earlier and rethought a key assumption.

User was super enjoyable but not too tough (I have some background in Java though), and I got to execute an attack I’d heard of but never done, which was nice.

Root was painfully enjoyable, and I now have a new technique to apply when the situation calls for it.

okay first of all, thanks to @frenata @blaudoom @marlasthemage for their continuous support and bearing with me whilst I continually pestered them. Not that I have finished but just got the user today.

For me, I had to start from scratch on this and had to get my basics in Java correct. I signed up for a Java course on udemy too to get my head around and it has helped me.

Getting to understand the basics of this machine took me nearly 4-5 days, to get NAT’ing working, took me 2 days alone but as it’s hands on, the experience is with me for life.

The machine itself should not be insane but if there is another word for extreme then this one is it.

I only have hard and insane Linux boxes left so had to start somewhere but if I knew this was mostly Java based, I wouldn’t have touched it but as I went in, I committed to it.

This doesn’t mean I will touch another similar machine again in future :slight_smile:

I have got user today finally and I am giving myself a little break before attempting the root but hopefully that should be easier than initial foothold and the user.

Also, I have made a backup of backup of backup of my notes for this as I won’t be able to solve it again tomorrow if notes disappear :slight_smile:

Conclusion so far: Java was hard to start with but once the basics are done then it becomes easier, still not that much easier but workable.

my advice would be don’t give up, I walked away from it and then thought a little, asked a lot from peeps here, read about Java and injections and it eventually worked out.

I’ve rooted it
Thanks @idevilkz, @frenata, @idomino and especially @marlasthemage for hints when I was trying to get user.
Thanks @qtc for interesting box. I improved my swear-word dictionary while I was trying to solve this box :slight_smile: