Official Ophiuchi Discussion

@damnc said:

@riceman do you mind if I PM you? I’d like to take a look at this 6-line-long payload you had. I believe I tried that route for quite a few hours without much success. I am curious what I was missing.

Sure, if you’ve already solved then shoot me a message.

uid=0(root) gid=0(root) groups=0(root)
root@ophiuchi:~#

Good box! I liked it a lot.

Rooted! Had a little hard time on the initial foothold, but learnt something new! Great box! thx!

Rooted, quite an easy box actually!

Foothold: check the request and play with it
User: old vulnerability, search for it
Root: Never played with Go, but I think it’s doable with a bit of research. When exploiting binaries, what is the most useful thing?! (I think it is the source code :stuck_out_tongue: )

PM me if needed (but at least have concrete questions)!

Wow. That was a fun box for sure. Foothold took me longer than it should have, but I got there.
Root was a learning experience.
Thank you!

Just rooted this box… although, it’d be more accurate to say, “I got the flag”…

I couldn’t get my version of the “attack script” to pop a reverse shell; I knew my script was being executed, because I got it to run id and saw the expected result. Try as I might, though, I couldn’t get my reverse shells to work. In the end, I just catted what I needed. Like I say, I got the flag, but don’t really feel that I “got root”, if that makes sense…

If anyone here did manage to get a rev shell to work (or get in as root), would you mind sharing how, via PM, please?

If anyone here did manage to get a rev shell to work (or get in as root), would you mind sharing how, via PM, please?

I gotchu!

@riceman said:

I gotchu!

Thanks, @riceman for showing me how to get “true” root, not just the flag!

First box I managed to do without any hints. Very straightforward, just needed some google-fu to figure everything out. Enjoyed it a lot, thanks for the box!

Finally rooted. What a ride to root, completely new territory for me; it took me a while to understand how to feed the export method exactly.

If anyone needs help, just PM me.

Enjoyed this box. Tip for foothold - if you’re getting a 5** error, READ THE WHOLE ERROR DUMP, not just the titles. I wasted more than an hour making that mistake.

Thanks @felamos, I had a great time :slight_smile:
What was particularly satisfying was how easy it was to get the foothold because the last time I had to deal with that kind of vuln, I struggled a lot to get it working. It feels good to see some progress on my end !
If anyone successfully managed to get his or her own crafted file working for the last part, I’d be happy to know. I tried several things but kept hitting segfaults.

For the root part, I understood what needed to be done but was in the wrong place. I got the root flag after going to the right place. But can someone give me more understanding about why the place mattered here? I didn’t get that part very well. Send me an explanation in PM. Thanks @felamos for this box, learnt a lot on this one.

Nice box, foothold and user are easy. The root trick was new to me but didn’t take much after a bit of google-fu. Thanks for a nice box.

Regarding foothold: lots of people are talking about its simplicity, but I had trouble getting the shell to work. Specifically, issues with my Simp******erver not working for whatever reason (maybe it needed a different port? not sure). Anyway, another Python library program helped A LOT…
Second, people talk a lot about the 500 error and reading the error messages, but for me that didn’t really help. Maybe I’m too thick, for I couldn’t figure out why something didn’t link? All files were called 200, so, giving up, I ended up using a different resource than the one giving the 500. That helped.
To root. I go

Pretty fun box. Definitely learned something new even if a lot of it was already on Github.

I had never heard of the thing needed for root before this - but it is fascinating.

Thanks @felamos - I actually enjoyed reading up on this.

Guys, is it normal that github.com/wasmerio/wasmer-go/wasmer is not reachable anymore? Because it makes the machine unpwnable…

@m1tch404 said:

Guys, is it normal that github.com/wasmerio/wasmer-go/wasmer is not reachable anymore? Because it makes the machine unpwnable…

The link works fine, and that’s not the only tool on GitHub that you can use to edit the binary…

@m1tch404 said:

Guys, is it normal that github.com/wasmerio/wasmer-go/wasmer is not reachable anymore? Because it makes the machine unpwnable…

That seems to still be available on GitHub, but to confirm @sicario1337’s point: I didn’t use this tool.

@m1tch404 said:

Guys, is it normal that github.com/wasmerio/wasmer-go/wasmer is not reachable anymore? Because it makes the machine unpwnable…

Just go up a dir or two from that link and you’ll find the repo. But you don’t really need it anyway.