@riceman do you mind if I PM you? I’d like to take a look at this 6-line-long payload you had. I believe I tried that route for quite a few hours without much success. I am curious what I was missing.
Sure, if you’ve already solved it, then shoot me a message.
Foothold: check the request and play with it
User: old vulnerability, search for it
Root: Never played with Go, but I think it’s doable with a bit of research. When exploiting binaries, what is the most useful thing?! (I think it is the source code.)
PM me if needed (but at least have concrete questions)!
Just rooted this box… although, it’d be more accurate to say, “I got the flag”…
I couldn’t get my version of the “attack script” to pop a reverse shell; I knew my script was being executed, because I got it to run id and saw the expected result. Try as I might, though, I couldn’t get my reverse shells to work. In the end, I just catted what I needed. Like I say, I got the flag, but don’t really feel that I “got root”, if that makes sense…
If anyone here did manage to get a rev shell to work (or get in as root), would you mind sharing how, via PM, please?
First box I managed to do without any hints. Very straightforward, just needed some google-fu to figure everything out. Enjoyed it a lot, thanks for the box!
Enjoyed this box. Tip for foothold: if you’re getting a 5** error, READ THE WHOLE ERROR DUMP. Not just the titles. I wasted more than an hour making that mistake.
Thanks @felamos, I had a great time
What was particularly satisfying was how easy it was to get the foothold, because the last time I had to deal with that kind of vuln, I struggled a lot to get it working. It feels good to see some progress on my end!
If anyone successfully managed to get his or her own crafted file working for the last part, I’d be happy to know. I tried several things but kept hitting segfaults.
For the root part, I understood what needed to be done but was in the wrong place. I got the root flag after going to the right place. But can someone give me more understanding about why the place mattered here? I didn’t get that part very well. Send me an explanation in PM. Thanks @felamos for this box, learnt a lot on this one.
Regarding foothold: lots of people are talking about its simplicity, but I had trouble getting the shell to work. Specifically, issues with my Simp******erver not working for whatever reason (maybe it needed a different port? not sure). Anyway, another Python library program helped A LOT…
Second, people talk a lot about the 500 error and reading the error messages, but for me that didn’t really help. Maybe I’m too thick, for I couldn’t figure out why something didn’t link? All files were called 200, so, giving up, I ended up using a different resource than the one giving the 500. That helped.
To root. I go