Official Attended Discussion

I get not many people have done this box - but can anyone confirm if I need to set up a local server to receive responses from the box on the higher of the open ports?

Yes I used some python module

@gh0stm5n said:

Yes I used some python module

Thanks - I am pretty much in the 11th circle of ■■■■ trying with that right now. You have no idea the mistakes I’ve made getting to even this starting point :lol:

I want to kill myself. I’ve spent ~8 hours failing to get something working. A reset of the box and it works instantly.

You have to wait a bit :wink: It does take some time to do what you want it to do.

@all said:

You have to wait a bit :wink: It does take some time to do what you want it to do.

Yeah it took me a while to come to terms with that. I feel I am close to a foothold now though. I just need to stop making syntax errors :grin:

Yes, syntax is a tough one there. Not making mistakes with folders is another gotcha.
The root thing is giving me the grief though.

@TazWake said:

@all said:

You have to wait a bit :wink: It does take some time to do what you want it to do.

Yeah it took me a while to come to terms with that. I feel I am close to a foothold now though. I just need to stop making syntax errors :grin:

I’m at the same spot. Initially I tried setting up a local server, but then found the python module easier to work with for sending, and a socket script for receiving. I’m able to get a response, and based on the clues inside am now trying to send something that will trigger a command.

hint: forget any “usual” commands that would throw something back to you. It’s pretty locked

A small step forward - I’m now getting “thanks dude” when sending something

His reply should tell you where to dig. Look at the whole e-mail

Cannot find any useful gadgets in the binary.

@gh0stm5n said:

Cannot find any useful gadgets in the binary.

There are some on an online resource, but I don’t know how useful it would be. I am not even sure how the binary would be used to privesc.

I do think that this is the binary to keep attacking. Looking at the evidence, it seems this is it.

Gadgets are there. Some are hidden. Ropper will show them. A working exploit then has to be converted… Succes

@gh0stm5n said:

Gadgets are there. Some are hidden. Ropper will show them. A working exploit then has to be converted… Succes

That is good to know. At the moment I am stuck trying to think ahead and work out what I want to do once I’ve worked out how to exploit the binary fully. Finding an executable “victim” to run it on is defeating me. My current assumption is that it is going to be related to something running on ****.

This is definitely an insane box.

@TazWake said:

@gh0stm5n said:

Gadgets are there. Some are hidden. Ropper will show them. A working exploit then has to be converted… Succes

That is good to know. At the moment I am stuck trying to think ahead and work out what I want to do once I’ve worked out how to exploit the binary fully. Finding an executable “victim” to run it on is defeating me. My current assumption is that it is going to be related to something running on ****.

m*d*l*s

Are you guys talking about the a******s binary? I am doing something wrong, it seems. Can’t see ways yet to land so I can use ROP

Ok, I’ve already spent more than 10 days on this behemoth… getting the user’s flag has been a gigantic learning experience (thanks also to @TazWake), but I have to admit that root is out of my reach for now.
If anyone wants to give me one or more nudges, it’ll be more than welcome. For now the only thing that I can say is that maybe I have understood what to do, but I am almost completely illiterate in this branch of exploitation…