Official Intense Discussion

Hi, could someone dm why my generated cookie isn’t working I know the attack I need to perform but nothing seems to work.

Type your comment> @mohabaks said:

Hi, could someone dm why my generated cookie isn’t working I know the attack I need to perform but nothing seems to work.

I’m in the same spot… Swear I’m doing everything right and have tried the various options based on the source.

Edit: NVM had it right. silly mistake on my part…


NVM, I first needed to embarrass myself :tired_face: 

Sad to see this box seems to be retiring at the weekend.

It is a hard one, I’d suggest if you hadn’t already made progress on it by now, it probably isn’t worth starting.

No way, just got the admin secret. They can’t retire it !

Luckily, I managed to finish that one 2 days ago :slight_smile:

I really enjoyed that box and the fact that you (usually) won’t get a shell until you’re root :smiley:

@HomeSen said:
Luckily, I managed to finish that one 2 days ago :slight_smile:

I really enjoyed that box and the fact that you (usually) won’t get a shell until you’re root :smiley:

same here.

i really enjoyed all of the (different) challenges that machine provided. especially that last part which i have never done before.

thanks @sokafr for an absolutely amazing machine :wink:

@FaguoZai said:
No way, just got the admin secret. They can’t retire it !

i had the impression you were working on another machine :wink:

Can’t figure out how to trick that ■■■■ signature check. The code looks solid to me.

Bruteforcing the missing part seems a bit ambitious.

@xaif7aLe said:

i had the impression you were working on another machine :wink:

Well, I needed a break after few hours feeling lonely on that open source social network, talking to soul less people ! But I sure will get back to it

@FaguoZai said:
The code looks solid to me.

ouch! never trust homebrewed “security” solutions (especially when it comes to … that subject you were talking about) :wink:

@xaif7aLe said:

@FaguoZai said:
The code looks solid to me.

ouch! never trust homebrewed “security” solutions (especially when it comes to … that subject you were talking about) :wink:

Well, to be fair, it’s a quite subtle issue. And many people still don’t know that kind of attack (even though it already is quite old) :wink:

@HomeSen said:
Well, to be fair, it’s a quite subtle issue. And many people still don’t know that kind of attack (even though it already is quite old) :wink:

whenever i see critical functionality (i.e. protecting confidentiality, integrity, availability) implemented by hand (as in contrast to using a well tested and verified library) some alarm goes off :wink:

Sorry to see it go. One of my all time favourites. Took me weeks to finish, but I learned so much.

@TazWake said:

Sad to see this box seems to be retiring at the weekend.

It is a hard one, I’d suggest if you hadn’t already made progress on it by now, it probably isn’t worth starting.

Yeah got user!

@xaif7aLe and @HomeSen you made some cryptography lectures come back to my mind.

Now, what I found is intimidating

@FaguoZai just take small steps (this isn’t a cryptic hint)

Since so far I have just got remote read access I hope that “Everything is a file in Linux” stands here

you definitely don’t have to read everything; a single file will do.

go back to you nmap result to know which one.

Stuck on elevation of privilege. Just saw this is retiring so trying to get it before it does and wish I noticed earlier in the week. I have a shell at the moment and looking into the next steps. Happy to take a nudge. Just getting a shell took a while.

@kedetzer0 said:

Stuck on elevation of privilege. Just saw this is retiring so trying to get it before it does and wish I noticed earlier in the week. I have a shell at the moment and looking into the next steps. Happy to take a nudge. Just getting a shell took a while.

Read the source code and work out how to exploit the binary, then exploit it.

If you are good at binary exploitation this might be easy for you. I found it really, really challenging though.