Official Laser Discussion

I can see why this box is rated insane. I’ve spent pretty much all day on it and I’ve made almost no progress.

I found a website which helped me build a scanner I could use, I found a new thing listening and I think have found vulns on the new thing, but nothing is working.

Going to give up and take a break for a while I think.

@TazWake said:

I can see why this box is rated insane. I’ve spent pretty much all day on it and I’ve made almost no progress.

I found a website which helped me build a scanner I could use, I found a new thing listening and I think have found vulns on the new thing, but nothing is working.

Going to give up and take a break for a while I think.

Don’t give up buddy, if you found something answering you are close to the graal.

@Caracal said:

Don’t give up buddy, if you found something answering you are close to the graal.

Thanks, I won’t completely give up - I just needed a break (and passage helped!).

Yeah, at the moment I can send to the $thing and I can see a different response if I hit the wrong $thing or send the wrong data to it, but I cant seem to get the code to display the content of the response. Tiny bit frustrating but I think I’ve gone blind to any errors I’ve made.

Hopefully, fresh eyes tomorrow (or a day or two) will help.

EDIT: progress at last!

can someone give me hints to get user? i got connection back but dont know what to do :expressionless:

Haven’t started this machine yet, but looking at first bloods, it took 4min to get user …
That must be the first for an Insane level machine…

Edit; yup just realized that was what everyone talked about on page #1 :stuck_out_tongue:

Such an excellent box! really enjoyed it.

PM for nudges, hints or sanity checks

@acidbat said:

Edit; yup just realized that was what everyone talked about on page #1 :stuck_out_tongue:

Yeah - sadly that door got closed…

I have to admit it took me about 3 days to get user on this box. A mix of a typo I never noticed for a long time, it being really challenging and some things I just needed to learn, made it quite a steep journey.

I still haven’t got round to rooting it - I had a look, couldn’t see the easy button then got distracted by work.

I just got to read that documentation around g**C, i know nothing about that. Can i reasonnably think I’ll get somewhere ?

@lebutter said:

I just got to read that documentation around g**C, i know nothing about that. Can i reasonnably think I’ll get somewhere ?

Definitely! You’re on the right track. I suggest having another read of the Usage section of the decrypted file and then searching for a certain Python module (g*****-****s) that will help you generate some code to use.

Yes that’s what i did yesterday evening, it was easier than i thought. Still no user in sight though lol

@lebutter said:

Yes that’s what i did yesterday evening, it was easier than i thought. Still no user in sight though lol

Then I’m not sure how much this will help but if you’ve defined the service correctly using p****f you’re almost there. You just need to write some code to interact with the gC server. The main components are a channel (for the connection), a stub (to call the specific method) and content to pass to that method, the form the content should be in is hinted at in the document.

It’s difficult to explain without giving too much away, you’re welcome to PM me for a bit more of a nudge.

Thanks amigo, I think i got that to work, i stopped for the day after getting the client/server talk to work, foudn out the format to use etc… I’ll carry one with the next stages tonight, good to know the user flag shouldn’t be too far after that !

Finally completed it, i think that’s my first insane box, what a marathon box, it never ends…

What’s really hard is that at 2 points it requires a bit of guessing, so you may be doing the right thing, it’s easy to stop if no positive outcome appears… while you’re actually doing the right thing and just missing a bit of random trial and error.

Rooted…
…but with an enormous load of help from a friend who’s definitely way better skilled than me.
I thought it would have been a good thing to try teaming up in order to learn better.
I’m not sure that it was a success, because i do not have understood all the passages, especially the g**c part, where I’ve got almost totally lost, and i just followd him on the thing.
Root was different. Here I got a grip on the path almost immediately, but i totally missed the “reflective” part.
I would like to say that i’ve learnt a lot, but it’s not completely true. I trailed a lot and I still have to understand too many things.

This was such a great box! Thanks @MrR3boot & @R4J! User was very long, very fun, but in my comfort zone. Did remind me of travel, which was great, as I also really liked that box!
Getting root was less involved, but outside my comfort zone, so it took me some time and a helpful nudge from @nathantemplar! Thanks!
If someone wants a small nudge or a sanity check, feel free to send me a pm!

Thanks for the feedback and Good work!

How one supposed to proceed with “blind” part of the journey?

My dream to send picture of my ■■■■ on my neighbour printer will finally come true !

Ok I need a hint here.

I’ve discovered the g*** client and the a***** s*** on p*** 8**3

I’ve found the vulnerability with velo**** and someone tipped me to use go**** to perform the POST request on stag*** coll******.

So I have a python script sending the g***** request (this one take so much time…) then the RCE request and sometime it works but most of the time it doesn’t…

I think that I’m missing something here and the time it worked was because I’ve used another user path but i can’t figure out what I’ve forgotten…

If someone can DM me to provide some help that would be great :slight_smile:

Thanks in advance

Type your comment> @kenokeefe said:

Ok I need a hint here.

I’ve discovered the g*** client and the a***** s*** on p*** 8**3

I’ve found the vulnerability with velo**** and someone tipped me to use go**** to perform the POST request on stag*** coll******.

So I have a python script sending the g***** request (this one take so much time…) then the RCE request and sometime it works but most of the time it doesn’t…

I think that I’m missing something here and the time it worked was because I’ve used another user path but i can’t figure out what I’ve forgotten…

If someone can DM me to provide some help that would be great :slight_smile:

Thanks in advance

you can DM me if you still need help