Official OpenKeyS Discussion

For foothold: don’t blind yourself to what’s in front of you. Sometimes, the thing that you’ve been looking for has been right there all along. Who is responding to your request?

@barw said:

@m4lwhere if you want to get it executed on OpenBSD, ensure you are using correct arch/instruct as well…

thank you, i believe that is the problem i’m having. troubleshooting continues…

edit: it is unnecessary to get that deep into the program, simple enumeration of it is necessary. I overlooked this during my initial examination then got lost setting up new openbsd vms ?

@tomunderhill said:

Hmm ok RE looks likely, first time ever for me, anyone got some good starting points to learn the basics of ELF RE? Spent an hour googling so far, but if anyone has a leg up on how to use and understand the tools (ghidra / gdb etc) that’d be appreciated.

Keep getting stuck on ‘No such file or directory’ - possibly libc 95 ?
Not making sense to me but always keen to learn.

Please remove if it’s in any way a spoiler, but seeing as I haven’t even got foothold… thought it was ok.

It’s indeed concerning libc, you need the right version.
About how to use the tools you can check LiveOverflow channel on youtube, you get the basics of gdb, other debugging tools and ELF RE.

Is it RE?

@iampachinko said:

Is it RE?

Who knows, if I answer that all the fun of the box will be gone.

Root!

uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)

@Caracal

Much appreciated, thanks for the confirmation and steer towards some relevant learning.

kinda struggling with root, anyone got a hint?

Really interesting machine, learned some new skills, thanks @polarbearer and @GibParadox!

openkeys# id;whoami;hostname
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
root
openkeys.htb
openkeys# 

Feel free to DM For NUDGES! :wink:

@OrkaThaHacker said:

kinda struggling with root, anyone got a hint?

If you’ve done user, the root part is straightforward before even getting on the box. Come back to your notes and also maybe the different articles that you have read for the first part.

I am working on root myself. I am working on more enumeration at the moment. I have a path for elevation (I believe) but looking for credentials.

Never mind what I stated, not the correct path…

I’m struggling with the RE bit, most functions appear to be useless and the only one with an interesting name is undefined, so I can’t see how this binary could be of any use, or how to dig deeper. Any hints?

@Baud
No need for full RE, it helps with enumeration and googling… but no need to de-compile etc.

Only just got foothold/user myself after spending ages learning gdb and stepping through the executable.

As others have said before me, look for more obvious attack vectors from your enumeration, but a topical look at that binary is enough coupled with what enum should turn up to give you a possible path to google about.

pm for hints

rooted
no need for RE. It’s more about RCE than RE.
Feel free to DM for nudges.
you can connect with me in telegram under hawksvision

Definitely that RE is a rabbit hole. Stuck more than a day.

If you people are doing RE, my honest suggestion is: don’t do that. I think the creators of the box are fans of rabbit holes. Their previous box "Admirer" also has a bunch of rabbit holes. Come on. Don’t do RE if you want to own the box.

Remove if it is a spoiler.

Rooted.
I got stuck at user part a bit. I was blind. Didn’t do enough enum :frowning:. Thanks @alienum for opening my eyes.

As far as root goes I think it was kind of easy. As long as you enumerate well, and google is always our friend :wink:
No RE for this matter …

Rooted. Quite interesting box. The hardest part of my journey on this box is the OPENingKEYS.

Knock my inbox for hints.