I can see why this box is rated insane. I’ve spent pretty much all day on it and I’ve made almost no progress.
I found a website which helped me build a scanner I could use, I found a new thing listening and I think have found vulns on the new thing, but nothing is working.
Going to give up and take a break for a while I think.
I can see why this box is rated insane. I’ve spent pretty much all day on it and I’ve made almost no progress.
I found a website which helped me build a scanner I could use, I found a new thing listening and I think have found vulns on the new thing, but nothing is working.
Going to give up and take a break for a while I think.
Don’t give up buddy, if you found something answering you are close to the graal.
Don’t give up buddy, if you found something answering you are close to the graal.
Thanks, I won’t completely give up - I just needed a break (and passage helped!).
Yeah, at the moment I can send to the $thing and I can see a different response if I hit the wrong $thing or send the wrong data to it, but I cant seem to get the code to display the content of the response. Tiny bit frustrating but I think I’ve gone blind to any errors I’ve made.
Hopefully, fresh eyes tomorrow (or a day or two) will help.
Edit; yup just realized that was what everyone talked about on page #1
Yeah - sadly that door got closed…
I have to admit it took me about 3 days to get user on this box. A mix of a typo I never noticed for a long time, it being really challenging and some things I just needed to learn, made it quite a steep journey.
I still haven’t got round to rooting it - I had a look, couldn’t see the easy button then got distracted by work.
I just got to read that documentation around g**C, i know nothing about that. Can i reasonnably think I’ll get somewhere ?
Definitely! You’re on the right track. I suggest having another read of the Usage section of the decrypted file and then searching for a certain Python module (g*****-****s) that will help you generate some code to use.
Yes that’s what i did yesterday evening, it was easier than i thought. Still no user in sight though lol
Then I’m not sure how much this will help but if you’ve defined the service correctly using p****f you’re almost there. You just need to write some code to interact with the gC server. The main components are a channel (for the connection), a stub (to call the specific method) and content to pass to that method, the form the content should be in is hinted at in the document.
It’s difficult to explain without giving too much away, you’re welcome to PM me for a bit more of a nudge.
Thanks amigo, I think i got that to work, i stopped for the day after getting the client/server talk to work, foudn out the format to use etc… I’ll carry one with the next stages tonight, good to know the user flag shouldn’t be too far after that !
Finally completed it, i think that’s my first insane box, what a marathon box, it never ends…
What’s really hard is that at 2 points it requires a bit of guessing, so you may be doing the right thing, it’s easy to stop if no positive outcome appears… while you’re actually doing the right thing and just missing a bit of random trial and error.
Rooted…
…but with an enormous load of help from a friend who’s definitely way better skilled than me.
I thought it would have been a good thing to try teaming up in order to learn better.
I’m not sure that it was a success, because i do not have understood all the passages, especially the g**c part, where I’ve got almost totally lost, and i just followd him on the thing.
Root was different. Here I got a grip on the path almost immediately, but i totally missed the “reflective” part.
I would like to say that i’ve learnt a lot, but it’s not completely true. I trailed a lot and I still have to understand too many things.
This was such a great box! Thanks @MrR3boot & @R4J! User was very long, very fun, but in my comfort zone. Did remind me of travel, which was great, as I also really liked that box!
Getting root was less involved, but outside my comfort zone, so it took me some time and a helpful nudge from @nathantemplar! Thanks!
If someone wants a small nudge or a sanity check, feel free to send me a pm!
I’ve discovered the g*** client and the a***** s*** on p*** 8**3
I’ve found the vulnerability with velo**** and someone tipped me to use go**** to perform the POST request on stag*** coll******.
So I have a python script sending the g***** request (this one take so much time…) then the RCE request and sometime it works but most of the time it doesn’t…
I think that I’m missing something here and the time it worked was because I’ve used another user path but i can’t figure out what I’ve forgotten…
If someone can DM me to provide some help that would be great
I’ve discovered the g*** client and the a***** s*** on p*** 8**3
I’ve found the vulnerability with velo**** and someone tipped me to use go**** to perform the POST request on stag*** coll******.
So I have a python script sending the g***** request (this one take so much time…) then the RCE request and sometime it works but most of the time it doesn’t…
I think that I’m missing something here and the time it worked was because I’ve used another user path but i can’t figure out what I’ve forgotten…
If someone can DM me to provide some help that would be great