Official Ophiuchi Discussion

124

Comments

  • edited March 21

    this is a fun machine, and i finally managed to root it
    if any of you guys need any hint just DM me, I'm willing to help you :blush:

  • I finally managed to root the machine. I spent a lot of time trying to compile stuff for the root part, but there is an easier solution. If you need any help let me know.

    Arrexel

  • @PrivacyMonk3y said:

    My advice for you guys trying to get foothold... if you get a 500 debug/dump screen... read all the way through it... lol don't be like me.

    This has saved me so much time and frustration because I was about to give up and thought to check the forums once! Thanks !!!

    Atomman

  • edited April 2

    I find a sn**yaml payload and try to get a reverse shell, I add a simple nc in the payload and it can connect to my local pc, but any other reverse payload can't work. Also tried to download the exp to the machine, but when I try to execute it, it doesn't work.

    Edit: Get the foothold finally, I should use a definite address in the payload. The user is simple to get, working on the root now.


  • edited April 7

    Wondering if anyone could help on foothold. I got past the 500 errors but reverse shell isn't working. Connects up but can't execute commands. I assume there is a problem with the payload.

    Ended up figuring out payload: had to run two services at once for it to play nice though. User is trivial from there if you explored the site a bit. On to root...

  • Kinda stuck on the root part. Tried compiling myself, didn't work for some reason. Didn't find the package needed for compiling on the box either. Any help will be appreciated.

  • edited April 9

    Hi, i managed to manipulate the request and i can make the machine download my files, but every reverse shell i try i don't get the connection, can you give me any nudge?

    i managed to get a simple nc without commands and without the "-e"

    Edit (SOLVED):

    Big Up to @sicario1337, i am on my way to root

  • @Meise said:

    Hi, i managed to manipulate the request and i can make the machine download my files, but every reverse shell i try i don't get the connection, can you give me any nudge?

    i managed to get a simple nc without commands and without the "-e"

    Hey Meise!.. where've you been? long time hey!

    PM what you've done and how you doing it :wink:

    sicario1337

    Happy to assist and 'Respect' is always appreciated

  • From what I can tell so far the YAML parser is at least meant to work. Anyone else getting a blank page with 'Due to security reason this feature has been temporarily on hold. We will soon fix the issue!' every time they post something to the Yaml servlet?

  • edited April 14

    @allTsar said:

    From what I can tell so far the YAML parser is at least meant to work. Anyone else getting a blank page with 'Due to security reason this feature has been temporarily on hold. We will soon fix the issue!' every time they post something to the Yaml servlet?

    Yep
    the same here

    It worked the last time I tried to get a reverse connection :/

  • Ok it works
    just error for my IP address ;)

  • Hello everyone (finally back on track!)
    This machine was really interesting.
    Learnt something new.
    Everything has already been said.
    For foothold, when you think it is not working, think also that there is always a workaround.
    Cheers!

    Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • Just Finished the box. If help needed just send me a message. :)

  • Impossible to get that yaml thing functioning :neutral:. Tried to execute system commands but it's not the right way. You need to run a web server on your host to serve files to attacked url.

    For rooting, I just was enable to use webassembly tools. I found a web online tool that does the same. I thought deploy.sh deploy a war to tomcat server but it's simpler than that. Just execute commands with root account.

    Well, that was impossible for me without tutos but I really tried to go ahead. I learned things undoubtedly.

  • rooted.

    I would say the rating is accurate. I had issues with both foothold and root, but only because I'm stupid. foothold i could have gotten quicker if my syntax had been correct first time. root i could have saved myself two days had I looked at something correctly. I pretty much knew exactly how to get to root once i looked the box over and read everything around me. I even did the steps that would get me to root, but then just missed ONE thing...

    good learning box.

  • fun box, I've been away working on retired windows boxes. Root threw me for a loop. Do your standard enumeration. There's a way of doing that redirection. GO do some reading. After that, if you make your own then just worry about Compiler errors. Runtime errors won't block you as long as you don't Byte off more than you can chew.

    PM for nudges

  • Rooted, fun box, foothold was easy, user part was easy as well, root part is damn good but needs work!

    PM if you're stuck

  • edited May 1

    Rooted. Thanks @felamos. Learned something about w**m :smile:

    @allTsar said:
    From what I can tell so far the YAML parser is at least meant to work. Anyone else getting a blank page with 'Due to security reason this feature has been temporarily on hold. We will soon fix the issue!' every time they post something to the Yaml servlet?

    Getting this message is normal when you send something that doesn't do what's needed - except for when you send garbage and you get the trace that other people mentioned.

    For root: getting an error when running the w**m-related command can also be normal and doesn't necessarily mean some other user bricked the machine, just read through what you have.

    Friendly reminder to clean up your room before leaving the box.

  • Finally rooted. Thanks to @felamos for this awesome box.
    Initial foothold was pretty tough for me, learned a lot. User and root part is pretty straightforward.
    If anybody needs any hints, PM me.

  • edited May 5

    about user:
    If you are getting error 500,
    please just read st******e, i mean, read every single line of it, until you see it
    took like two hours for me ><

    about root:
    straightforward, just see what that strange file does, modify it and tadaa.

  • edited May 9

    Got user.txt as the a****, and have a pretty clear idea of privesc, but am getting a weird error on a certain package. Not really familiar with the technology but I think I know what to do with d*****.sh.

    Would really appreciate some nudges on root!

    Unix fanboy
    Website: 0xAsh.io
    Ashh

  • Can anyone give a hint, please? I can run RCE, but cannot get reverse shell. The server can connect to me, using curl, but I do not get rev. shell. I also do not know Java.

  • rooted. some places, felt weird. like the keys were not getting written.. maybe temporary box issue, so i just echoed out the juice lol. Any help dm as usual..

    Eat-Sleep-Shit-Repeat Security
    kragle
    If I helped you, you may +1 with respect

  • @paddanada said:

    Just rooted this box... although, it'd be more accurate to say, "I got the flag"...

    I couldn't get my version of the "attack script" to pop a reverse shell; I knew my script was being executed, because I got it to run id and saw the expected result. Try as I might, though, I couldn't get my reverse shells to work. In the end, I just catted what I needed. Like I say, I got the flag, but don't really feel that I "got root", if that makes sense...

    If anyone here did manage to get a rev shell to work (or get in as root), would you mind sharing how, via PM, please?

    same issue. maybe some temporary box issue?

    Eat-Sleep-Shit-Repeat Security
    kragle
    If I helped you, you may +1 with respect

  • edited May 14

    I'm stuck on root.
    I think I need to edit the .w*** file to return 1 on the i function? But i don't have write permissions to that file... What am I missing?

    edit: nevermind...

    [email protected]:/tmp# id && hostname
    id && hostname
    uid=0(root) gid=0(root) groups=0(root)
    ophiuchi


  • edited May 19

    misclick please ignore/remove

  • I wonder if it's possible that this machine has stuck (even after few "machine resets") in the state that sudo command which I'm trying is shouting "cannot find package". Looks like missing github repo on machine. It was working yesterday and stopped and now I cannot move further.

    Any suggestions appreciated.

  • Hey! Huh I'm still pretty new at this, only have done a couple of boxes, but I got a problem while trying to get user, can't understand how to create this yaml payload <.<

  • @crazyratpl said:

    I wonder if it's possible that this machine has stuck (even after few "machine resets") in the state that sudo command which I'm trying is shouting "cannot find package". Looks like missing github repo on machine. It was working yesterday and stopped and now I cannot move further.

    Any suggestions appreciated.

    got root - case closed :blush:

  • just got rooted! Foothold was tough for me, but the others were easy... if you are stuck, feel free to DM me.
