Official Intense Discussion

Finally rooted, but it was really hard.

This doesn’t make sense… the user is prevented from writing over the buffer. Is this a rabbit hole?

Hi, could someone dm why my generated cookie isn’t working I know the attack I need to perform but nothing seems to work.

Type your comment> @mohabaks said:

Hi, could someone dm why my generated cookie isn’t working I know the attack I need to perform but nothing seems to work.

I’m in the same spot… Swear I’m doing everything right and have tried the various options based on the source.

Edit: NVM had it right. silly mistake on my part…


NVM, I first needed to embarrass myself :tired_face: 

Sad to see this box seems to be retiring at the weekend.

It is a hard one, I’d suggest if you hadn’t already made progress on it by now, it probably isn’t worth starting.

No way, just got the admin secret. They can’t retire it !

Luckily, I managed to finish that one 2 days ago :slight_smile:

I really enjoyed that box and the fact that you (usually) won’t get a shell until you’re root :smiley:

@HomeSen said:
Luckily, I managed to finish that one 2 days ago :slight_smile:

I really enjoyed that box and the fact that you (usually) won’t get a shell until you’re root :smiley:

same here.

i really enjoyed all of the (different) challenges that machine provided. especially that last part which i have never done before.

thanks @sokafr for an absolutely amazing machine :wink:

@FaguoZai said:
No way, just got the admin secret. They can’t retire it !

i had the impression you were working on another machine :wink:

Can’t figure out how to trick that ■■■■ signature check. The code looks solid to me.

Bruteforcing the missing part seems a bit ambitious.

@xaif7aLe said:

i had the impression you were working on another machine :wink:

Well, I needed a break after few hours feeling lonely on that open source social network, talking to soul less people ! But I sure will get back to it

@FaguoZai said:
The code looks solid to me.

ouch! never trust homebrewed “security” solutions (especially when it comes to … that subject you were talking about) :wink:

@xaif7aLe said:

@FaguoZai said:
The code looks solid to me.

ouch! never trust homebrewed “security” solutions (especially when it comes to … that subject you were talking about) :wink:

Well, to be fair, it’s a quite subtle issue. And many people still don’t know that kind of attack (even though it already is quite old) :wink:

@HomeSen said:
Well, to be fair, it’s a quite subtle issue. And many people still don’t know that kind of attack (even though it already is quite old) :wink:

whenever i see critical functionality (i.e. protecting confidentiality, integrity, availability) implemented by hand (as in contrast to using a well tested and verified library) some alarm goes off :wink:

Sorry to see it go. One of my all time favourites. Took me weeks to finish, but I learned so much.

@TazWake said:

Sad to see this box seems to be retiring at the weekend.

It is a hard one, I’d suggest if you hadn’t already made progress on it by now, it probably isn’t worth starting.

Yeah got user!

@xaif7aLe and @HomeSen you made some cryptography lectures come back to my mind.

Now, what I found is intimidating

@FaguoZai just take small steps (this isn’t a cryptic hint)

Since so far I have just got remote read access I hope that “Everything is a file in Linux” stands here

you definitely don’t have to read everything; a single file will do.

go back to you nmap result to know which one.