Dyplesher

Guys… can someone provide me a clue to the coding step?

Running out of ideas here :confused:

I’m pretty confident I’m coding right… but not sure how to take advantage of this.

Edit:

Thanks @HomeSen for the help on the plugin part! :slight_smile:

Rooted.

Excellent box! Very creative :blush:

Rooted. This was a nice box. The initial Pln relo*g part is really really tough. But managed to write a plu**n with some help. Root part is much easier than user. But definitely, it’s a tough box for me.
Thanks for the adventurous box creator.

Wow what a ride! I loved writing a malicious p***** for S****, which I used to develop for when I was younger. Thank you so much @felamos and @yuntao for creating this box!

For those who are stuck, here are some hints; you can also message me if you need a nudge.

Initial Foothold: Mainly web and testing things. Have a look at what is there and piece it together. Once you have access to something that seems interesting do some experiments to see if you can get a shell.
User: Have a sniff around and see what you can find.
Root: You have sniffed something that smells good, plus there is a trail of easter eggs that you need to follow.

@pinnn said:

hmm, Is it possible to reset the box when it reaches the reset limit?

Yes.

Rooted. PM for hints :slight_smile:

What a crazy, deep machine! Took me a full week to complete. Just realized you get a badge “bedrock breaker” when owning it, lol, that makes sense!

Need a nudge on foothold, found login creds on 3000 but stuck after that

@CH30nJa3 said:

Need a nudge on foothold, found login creds on 3000 but stuck after that

Have only vague memories and a xmind map saved, but if you have the f… login, it means you are on the right track.

Very interesting box until now!! I’m near the user flag, and without IDE for the Java part :slight_smile: Not so Insane for the moment for me compared to Multimaster but nevertheless I am sweating…

It may get tough after certainly… :cry:

Edit: lol the Boxes are not isolated between them? I can see Alf**d from this VM on UDP port 9256:

A6065483524Alfd.#Main.00…10.10.10.74.clBlack…Alfd.A141103064O10.10.10.74.23.A341804448MAlfd.1A168749344MAlfd.0

Can anyone help me on the root part?.. I’m lost. I try to follow the white rabbit without success…

Can someone help me, I’m stuck in the enumeration part

@Impulse said:

if anyone is stuck u can pm me on discord impulse#9458

Please help me in enumeration part stuck in it

@prashantbhatt said:

@Impulse said:

if anyone is stuck u can pm me on discord impulse#9458

Please help me in enumeration part stuck in it

First - don’t take this the wrong way - but this is an insane box. It is one of the harder insane boxes as well. I strongly suggest you work on other boxes first - checking your profile you have only rooted Magic, so you would be much better working through some of the less challenging boxes.

With this box you will need to generate custom code, possibly in multiple languages. The enumeration phase is genuinely the easiest bit as it is fairly standard for HTB boxes.

So, if you really want to try this box:

  • Run nmap to find open ports.
  • Look at the responses on the ports to see if anything needs to be changed in the Hosts file.
  • Visit the services running on ports to gather information on their output.
  • Use a common directory tool to look for possibly hidden folders or files as these may contain useful information.

When you have all this, analyse everything you have and determine a way forward.

@prashantbhatt said:

Please help me in enumeration part stuck in it

Please don’t consider it as discouragement. I have just seen your profile and found that you just started the journey in HTB. Dyplesher is an insane machine and it is impossible for a person who is new to InfoSec to Pwn this without raining nudge requests to random people. I kindly suggest doing Easy, Medium, Hard machines first and once you feel comfortable you can try for an insane one.

Try easy machines like Doctor, Omni, Blunder. Later we can own any insane machine. Please PM me if you need any help. :slight_smile:

random Q… Been on this for a day, and managed to get as far as logging into the dashboard. Is anyone else having trouble with the menu? I click on the little three horizontal lines in the top left corner, but I get nothing. Tried 2 different browsers and run a couple of resets. Pretty sure there should be more than just the dashboard page, and that I should have more access to ‘other stuff’

Is there a way to dump all k*** from m*******? I have tried various APIs but none of them seem to support that call in the available mode. I am using a wordlist to dump a set of k*** at a time, but can’t be certain I have found everything. The s***s call indicates that there are 4 things to find, but I can only find 3.

@camk said:

Is there a way to dump all k*** from m*******? I have tried various APIs but none of them seem to support that call in the available mode. I am using a wordlist to dump a set of k*** at a time, but can’t be certain I have found everything. The s***s call indicates that there are 4 things to find, but I can only find 3.

actually guessing the k*** worked for me lol. if there is another way to it, can someone be so kind to share it with me?

This machine really made me understand what “insane” stands for.
First of all, again thanks to @TazWake and thanks also to @justAhmed.
My hints:

  • foothold is all about enumeration. you must collect EVERYTHING. Use the right tools and don’t be dumb like me that i literally wasted hours using the wrong ones. What follows is a merry-go-round back and forth from low to high to mid ports…very funny and a powerful learning experience
  • user was terribly hard for me. As usual, when it comes to coding, i had to ask for help to someone who chews that practice better than me. he eventually helped me into translating into a working snippet of code my idea.
  • root was simply amazing. It is something you suspect since the very early beginning, but doing it is something really different.

got user. thanks @justAhmed for steering me in the right direction when I was heading way too deep into m*******. now time to look for those easter eggs.

update: rooted. very cool box - I learned a lot.

some hints:

  • foothold: previous hints are right, enumerate carefully, and save everything you find. there are quite a few steps, so each time you find something, see where it can take you. no need to get a reverse shell; a good web shell is enough.
  • user: work out what you can do, and follow your nose. save what you find, there is something extra you will need later.
  • root: you will find a helpful hint, but remember the constraints of the box and stay local.