Finally fixed all backdoors. First of all, a lot of thanks and huge respect to @0xdf for this box, I had a LOT of fun and it improved my skills. The challenge is all about observing things and asking questions like "why", "where", "when" etc.
Before you read further, I strongly advise you to try to pass the challenge by yourself. It can be confusing, but not impossible; if you do it on your own you will get some good growth. But if you are really, REALLY stuck, here are some nudges:
1 - it rises from the dead, but why and where…
2 - strongholds always break from inside
3 - some persons tend to use your things even if they don't belong to them
4 - who gave this guy a weapon!?
5 - same as 1
6 - something is wrong about that animal…
7 - the traitor never stops making holes in the castle
8 - only a Greek god knows what happens here
if it contains spoilers, delete the message please.
I like the idea. Right now they are all partially or fully remediated, but it's very difficult to track which number is which backdoor and it even seems random… I reset the box, and I get right away "Issue 1 is partially remediated". The one that was "Fully remediated" goes back to "not remediated" after I have removed another backdoor.
Hey, really stupid question, but how do I connect to the instance once I have it initiated? I have tried to ssh@user@instanceIP:PORT but am not able to connect. I am connected to the HTB VPN.
I could use some help with this. I’ve found 5 of the 8 backdoors, but only fully remediated 2 of them. Some of the ones I’ve partially remediated seem like they should be fully remediated, as I don’t know what else there is to fix (#2 for example, seems pretty straightforward).
Issue 1 is fully remediated
Cleaning issue 2 seems to have broken expected behavior
Issue 3 is fully remediated
Cleaning issue 4 seems to have broken expected behavior
Issue 5 is fully remediated
Issue 6 is fully remediated
Cleaning issue 7 seems to have broken expected behavior
Issue 8 is fully remediated
#2 I’ve got partially remediated by removing something someone usually doesn’t have and changing overly permissive permissions on the folder where it was, but not sure what else to check. #6 from the hint I’m thinking something with cat, netcat, or python and have done the usual suid, sgid, cap checks and don’t see anything on them. Would appreciate a nudge!
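The "usual suid, sgid, cap checks" mentioned above, written out as an added example (not the poster's commands and not anything from the box itself): reusable shell functions for enumerating setuid/setgid files and file capabilities, plus a comparison against a baseline snapshot so a binary that was planted later stands out. The demo tree, its paths and the "suspect" script are constructed for illustration.

```shell
# Added example for this thread (not the poster's own commands): the "usual
# suid, sgid, cap checks" as reusable functions, plus a comparison against a
# saved baseline so a newly planted binary stands out.

# list_suid_sgid ROOT: regular files under ROOT with the setuid or setgid bit.
list_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# list_caps ROOT: files carrying file capabilities (needs getcap from libcap).
list_caps() {
    if command -v getcap >/dev/null 2>&1; then
        getcap -r "$1" 2>/dev/null | sort
    fi
}

# new_since_baseline BASELINE ROOT: setuid/setgid files not present in the
# baseline listing saved earlier with list_suid_sgid (both lists are sorted,
# as comm requires).
new_since_baseline() {
    list_suid_sgid "$2" | comm -13 "$1" -
}

# Constructed demo tree (hypothetical paths, not the box's real files).
demo_root=$(mktemp -d)
baseline="$demo_root/baseline.txt"
mkdir -p "$demo_root/usr/bin"
printf '#!/bin/sh\nexit 0\n' > "$demo_root/usr/bin/normal"
chmod 0755 "$demo_root/usr/bin/normal"
list_suid_sgid "$demo_root" > "$baseline"   # clean snapshot: no setuid files yet

# Simulate a planted backdoor: a harmless script given the setuid bit.
printf '#!/bin/sh\nexit 0\n' > "$demo_root/usr/bin/suspect"
chmod 4755 "$demo_root/usr/bin/suspect"

echo "setuid/setgid now:";   list_suid_sgid "$demo_root"
echo "new since baseline:";  new_since_baseline "$baseline" "$demo_root"
echo "file capabilities:";   list_caps "$demo_root"
```

On a real host you would run `list_suid_sgid /` once on a known-clean state, keep the output somewhere the attacker cannot edit, and rerun `new_since_baseline` after each change; a backdoor that re-adds the setuid bit (or a capability such as `cap_setuid`) then shows up as a one-line diff instead of having to be spotted in the full listing.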
Amazing work by @0xdf! Hope once it retires you make a writeup on how you approach things. Also curious to see if you're able to crack the solveme binary to give yourself hints on where to look or even get the flag without actually patching anything.
Personally I think this is very hard if you don't have enough Linux system experience; the 8 sub-puzzles don't have a strong logical connection. I was able to solve 2 or 3 of them fully and got stuck with the others partially solved for days. It's so frustrating that I ended up reversing the solveme binary and got some hints from some leaked strings, even though it took me hours to finally solve it. Great job @0xdf!
For the reverse guys, the solveme binary is a python executable obfuscated by pyarmor, it’s not easy unless…