Official Ophiuchi Discussion

Finally rooted. Thanks to @felamos for this awesome box.
Initial foothold was pretty tough for me, learned a lot. User and root parts are pretty straightforward.
If anybody needs any hints, PM me.

about user:
If you are getting error 500,
please just read st******e, I mean, read every single line of it, until you see it
took like two hours for me ><

about root:
straightforward, just see what that strange file does, modify it and tadaa.

Got user.txt as the a****, and have a pretty clear idea of privesc, but am getting a weird error on a certain package. Not really familiar with the technology but I think I know what to do with d*****.sh.

Would really appreciate some nudges on root!

Can anyone give a hint, please? I can run RCE, but cannot get a reverse shell. The server can connect to me using curl, but I do not get a rev shell. I also do not know Java.

Rooted. Some places felt weird, like the keys were not getting written… maybe a temporary box issue, so I just echoed out the juice lol. Any help, DM as usual…

@paddanada said:

Just rooted this box… although, it’d be more accurate to say, “I got the flag”…

I couldn’t get my version of the “attack script” to pop a reverse shell; I knew my script was being executed, because I got it to run id and saw the expected result. Try as I might, though, I couldn’t get my reverse shells to work. In the end, I just catted what I needed. Like I say, I got the flag, but don’t really feel that I “got root”, if that makes sense…

If anyone here did manage to get a rev shell to work (or get in as root), would you mind sharing how, via PM, please?

Same issue. Maybe some temporary box issue?

I’m stuck on root.
I think I need to edit the .w*** file to return 1 on the i function? But I don't have write permissions to that file… What am I missing?

edit: nevermind…

root@ophiuchi:/tmp# id && hostname
id && hostname
uid=0(root) gid=0(root) groups=0(root)
ophiuchi

Misclick, please ignore/remove

I wonder if it’s possible that this machine is stuck (even after a few “machine resets”) in a state where the sudo command which I’m trying is shouting “cannot find package”. Looks like a missing github repo on the machine. It was working yesterday and stopped, and now I cannot move further.

Any suggestions appreciated.

Hey! Huh, I’m still pretty new at this, only have done a couple of boxes, but I got a problem while trying to get user: I can’t understand how to create this yaml payload <.<

@crazyratpl said:

I wonder if it’s possible that this machine is stuck (even after a few “machine resets”) in a state where the sudo command which I’m trying is shouting “cannot find package”. Looks like a missing github repo on the machine. It was working yesterday and stopped, and now I cannot move further.

Any suggestions appreciated.

got root - case closed :blush:

Just got rooted! Foothold was tough for me, but the others were easy… if you are stuck, feel free to DM me.

I’m always happy to help, if someone needs a nudge!

Root was fun, but annoying at the same time… I think I got it working after 15 minutes but I simply did not realize it… then tried setting up my “own” thing, spent another 2 hours trying to figure out what I did wrong, just to realize it already worked with the stuff given and my modifications -.-

@pizzapower said:

I can get a connection back to my box, but something isn’t working correctly for me. lol

edit: got a foothold, but looks like I was beaten to it

I can’t spoil, but the y***-*****ad doesn’t give me back a shell… I reviewed my code even with a friend who rooted it…

I have the exploit and everything works fine, but the only thing that doesn’t happen is a reverse shell. I checked multiple times and tried different ways to get the shell but I can’t get it.
Could anyone PM me so I can verify my approach?

This box is awesome. However, I spent a lot of time trying to get the right scripts to work as needed for user and for root.

I will just repeat the same thing that I found here in the forum for the root part. The location is very important. If someone is stuck I will be glad to indicate the right direction without spoilers.

Pepe

Hmmmm, I think I have done it the unintended way!

I haven’t read the comments yet, but I believe going directly from t***** to r*** isn’t the intended way.

uid=1001(t*****) gid=1001(t*****) euid=0(root) egid=0(root) groups=0(root),1001(t*****)

I think I will have to re-do it the intended way upon confirmation :expressionless:

EDIT: I think the box is broken, otherwise I doubt all those people who solved it didn’t mention the unintended one-liner root!

Rooted!

Plenty of hints on this page, but feel free to PM me if you’re really stuck!

Hey,
I tried to get a reverse shell with a bash script. One time I got the shell; after that, the same script code does not get me a shell. Does someone know what happened and how I can restore the shell?

@pizzapower said:

I can get a connection back to my box, but something isn’t working correctly for me. lol

edit: got a foothold, but looks like I was beaten to it

Try another kind of rev shell. Maybe the same language as the vuln app?? :wink: