Official RopeTwo Discussion


Comments

  • User part is not hard. :smile:

  • edited October 2020

    @HKHK said:

    User part is not hard. :smiley:

    Will try getting root now

  • I've compiled the program and set a breakpoint on the new function.

    It hard crashes with

    Thread 1 "**" received signal SIGILL, Illegal instruction.
    

    as soon as it is hit. Is this intentional, or have I screwed up at the compilation stage?

  • @sebiV said:

    I've compiled the program and set a breakpoint on the new function.

    It hard crashes with

    Thread 1 "**" received signal SIGILL, Illegal instruction.
    

    as soon as it is hit. Is this intentional, or have I screwed up at the compilation stage?

    Can you please be more specific? What program did you compile?


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • Hi. I have a shell to the machine. Can someone give me a nudge for user?

  • @HomeSen said:
    > @sebiV said:
    >
    > (Quote)
    > Can you please be more specific? What program did you compile?

    I've private messaged for fear of writing spoilers.

  • @f1x1t1x1f said:

    Hi. I have a shell to the machine. Can someone give me a nudge for user?

    The common privilege escalation scripts should guide you the way to what to investigate next ;)



  • @HomeSen said:

    @f1x1t1x1f said:

    Hi. I have a shell to the machine. Can someone give me a nudge for user?

    The common privilege escalation scripts should guide you the way to what to investigate next ;)

    OK, then I have to look deeper.

  • Does anyone know, if and when a badge will be released for this machine? I mean, it went live almost 5 months ago :D



  • @HomeSen said:

    Does anyone know, if and when a badge will be released for this machine? I mean, it went live almost 5 months ago :D

    Fun fact about this box - because it is so hard, we can be 100% certain that no more than 34 people have made it to Omniscient rank on HTB since 27 June 2020.

    I really feel that getting to 100% ownership is orders of magnitude harder than it was merely 12 months ago. The knock-on effect is that Guru and Elite Hacker are also a lot harder (because getting to 90% ownership when a box and a challenge change every week is painful).

    Hopefully this will be taken on-board by the hiring managers, recruiters etc., who seem to be using HTB ranks as a hiring/promotion rule.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • I've probably missed something obvious for the initial foothold. I've spotted the vuln in the repo and know the general direction to exploit it. The only problem is it's a client-side vuln. How exactly am I supposed to obtain an RCE from it?

    denethor

  • Check the other port. It will allow you to "deliver" your payload.



  • @HomeSen said:

    Check the other port. It will allow you to "deliver" your payload.

    Thanks for the tip.

    denethor

  • I got user...
    Thanks to @HomeSen for hints and support :blush:

  • rooted \o/

    If someone with better knowledge of the Linux kernel has time to chat, let me know. Still don't get why some tricks didn't work as they should.

    smrtptr

  • @HomeSen said:

    @pinnn said:

    Got root! It was my first kernel exploit (I found two ways to exploit it) @R4J thanks!!
    P.S. Where is the badge?!

    Congrats. Still fighting with it, but I'm sure that I'm on a good path ;)

    The badge is expected to appear soon™ :D (at least, that's what everyone got assured of, as long as the official Discord channel existed)

    There should be three badges for this box: foothold, user and root! 😅

  • edited December 2020

    I'm kind of stuck again for user. I managed to land an arbitrary write but I can't find a way to leak an address. Any hint would be appreciated.

    EDIT: Never mind. Even if I can't "read" an address directly, I can still modify it.

    denethor

  • edited January 12

    I've rooted it.

    Thanks @r4j for an amazing box and @HomeSen and @smrtptr for valuable hints and nudges.
    If I could give respect several times, I'd have done it to @HomeSen for hints :smile: and to @r4j for the box. I spent several months on it and many times felt how my brain was crashing.

  • This box will finally retire later today. It will be interesting to see the write ups and they are pretty much the only way I will ever manage to root it!

    Well done to everyone who rooted this box.

    TazWake


  • @TazWake said:

    This box will finally retire later today. It will be interesting to see the write ups and they are pretty much the only way I will ever manage to root it!

    Well done to everyone who rooted this box.

    Enjoy: https://no-sec.net/write-up-hack-the-box-rope-two/ ;)



  • @HomeSen said:

    @TazWake said:

    This box will finally retire later today. It will be interesting to see the write ups and they are pretty much the only way I will ever manage to root it!

    Well done to everyone who rooted this box.

    Enjoy: https://no-sec.net/write-up-hack-the-box-rope-two/ ;)

    That's an awesome write up! Amazing work to root the box. I think - even with the write up - I would struggle!

    Thank you so much for sharing.

    TazWake

