Official Ophiuchi Discussion

Type your comment> @PrivacyMonk3y said:

My advice for you guys trying to get foothold… if you get a 500 debug/dump screen… read all the way through it… lol don’t be like me.

Wasted a hour until I noticed that :wink: could have had it soooo much sooner.

Interesting box, rough for my skillsets but tis how we learn so they say :tongue:

your wasted hour saved me … thanks for the tip.

Rooted!

For the last step. You can use a web thing, and it’s as simple as you think it is, just cut out all of the other ■■■■, and use whatever old faithful tool you’ve used since the 70s.

– nvm

If only I knew enough java to know what to do with the ■■■■ 500

@deepansh0xB feel free to PM

Spoiler Removed

nice box, ty!

Got user. I think I know what I’m supposed to do for root. But I can’t find a way to generate the “w” file I need.

Type your comment> @FQuen said:

Got user. I think I know what I’m supposed to do for root. But I can’t find a way to generate the “w” file I need.

we pronounce it wabbit github

Anyone have a nudge on the reverse shell? I have RCE but can’t create a connection back to my machine.

Rooted! That was a fun machine.
Definitely spent more time on google than my actual terminal but I learnt a few new things.
Feel free to PM me for nudges.

Type your comment> @bluesheep said:

Anyone have a nudge on the reverse shell? I have RCE but can’t create a connection back to my machine.

I had to try a bunch of different things - what worked for me is just googling a rev shell in the language I was writing in - who knew, right?

@bluesheep said:

Anyone have a nudge on the reverse shell? I have RCE but can’t create a connection back to my machine.

As always with Java in particular (but also other server-side languages in general): Don’t try to build too complex payloads. Often, it is better to download (and then execute) a shellscript to the target machine, and make the script do all the heavy lifting.

@Sketrik I was 100% sure that I tried that and that it didn’t work, but I proved myself wrong, I have a reverse shell now. Thanks for making me try it again!

I really should pay more attention when changing variables in the pre-written ones I suppose.

@HomeSen Thanks for the tip! I’ll keep it in mind for the next boxes on my list.

i can’t get this ■■■■ thing to execute my special w file, it keeps seg faulting. :frowning:

@MartianArchive said:

i can’t get this ■■■■ thing to execute my special w file, it keeps seg faulting. :frowning:

Did you write a new one, or just edit the existing?
I couldn’t get my own file to work, so I simply modified the existing one.

i got a connection back from nc but cannot get a shell with -e even with basic bash rev shells !
is this a part of the challenge or what?

Type your comment> @MartianArchive said:

i can’t get this ■■■■ thing to execute my special w file, it keeps seg faulting. :frowning:

Modifying the original is the way to go.

@AbuQasem said:

i got a connection back from nc but cannot get a shell with -e even with basic bash rev shells !
is this a part of the challenge or what?

Well, yes and no. Java in particular (but also other server-side languages in general) doesn’t like complex payloads. Often, it is better to download (and then execute) a shellscript to the target machine, and make the script do all the heavy lifting :wink:

Type your comment> @graghtb said:

Type your comment> @MartianArchive said:

i can’t get this ■■■■ thing to execute my special w file, it keeps seg faulting. :frowning:

Modifying the original is the way to go.

@HomeSen said:
@MartianArchive said:

i can’t get this ■■■■ thing to execute my special w file, it keeps seg faulting. :frowning:

Did you write a new one, or just edit the existing?
I couldn’t get my own file to work, so I simply modified the existing one.

yeah i gave up on creating my own. modifying it was alot easier lol

1 Like