Smasher

I got initial larger foothold smasher and then lost the way to get in. Was wondering, is it someone on the box that deleted my “larger foothold” or was it some reset and the foothold i received was an artifact from a previous hack? Do I need to create the ? or is the ? supposed to be there?

Server has an active S## so it was there in the first place.

I reset and it was still gone, so am I to assume who ever is messing with me did it right after reboot. Little shnitzel.

Ok did another reset, I have a strong feeling it wasnt there to begin with :s

@pykler said:
I got initial larger foothold smasher and then lost the way to get in. Was wondering, is it someone on the box that deleted my “larger foothold” or was it some reset and the foothold i received was an artifact from a previous hack? Do I need to create the ? or is the ? supposed to be there?

Are you able to run commands on server? I’m only able to read…

@madcap said:

@pykler said:
I got initial larger foothold smasher and then lost the way to get in. Was wondering, is it someone on the box that deleted my “larger foothold” or was it some reset and the foothold i received was an artifact from a previous hack? Do I need to create the ? or is the ? supposed to be there?

Are you able to run commands on server? I’m only able to read…

Reading can sure teach you a lot :wink:

@drtychai said:
Reading can sure teach you a lot :wink:

I have what I need from the reading part and I’ve setup a test environment to try to take it further. The hostname hints at the correct path, as usual, but I can’t accomplish what it’s directing me to do. (I’m trying to keep it vague here).

I found another very similar example on the internet and was able to accomplish what the hostname suggests in my test environment. However, that example wasn’t exactly same. The Smasher example is less complicated in some ways, but more advanced (read: modern) in another. The more advanced part is what I think is tripping me up. I could be wrong, but it’s the only thing I can think of right now. I’ll keep at it…

Any slight nudges available at this early point of the machine’s life?

@zavan said:

@drtychai said:
Reading can sure teach you a lot :wink:

I have what I need from the reading part and I’ve setup a test environment to try to take it further. The hostname hints at the correct path, as usual, but I can’t accomplish what it’s directing me to do. (I’m trying to keep it vague here).

I found another very similar example on the internet and was able to accomplish what the hostname suggests in my test environment. However, that example wasn’t exactly same. The Smasher example is less complicated in some ways, but more advanced (read: modern) in another. The more advanced part is what I think is tripping me up. I could be wrong, but it’s the only thing I can think of right now. I’ll keep at it…

Any slight nudges available at this early point of the machine’s life?

Pretty much stuck at the same point, I can see why this is a 50p machine.

i’m stuck at cipher part

So I think I know what I’m looking for in the read part, but it’s not there. As @pykler said to start with, the thing I need isn’t showing up. Anyone have any advice on this?

@NinjaRockstar said:
So I think I know what I’m looking for in the read part, but it’s not there. As @pykler said to start with, the thing I need isn’t showing up. Anyone have any advice on this?

If I uderstand correctly the way going forward, then the stuff (core “meat”) is there. But identification and exploitation … I’m still struggling to find out where and how.

Stop, Drop and…

This is a fun box. I don’t have it yet but I’m learning a lot and I’m quite sure I’m on the right path now. My only advice is read, research, understand, tinker, and repeat.

Can I get a PM with a nudge on this one. I can read but all my go to read locations are not found. A direction would be nice

Reading is not enough here. You need to develop.

Yes seems My initial comment is right, the file was not present to start. You need to gain foothold somehow … I didnt do it yet, but developing right now

I have shell on my own box (setup as identical as I could arrange), but cannot get on smasher. I do not want to spoil but … is it setup this way that we need to brute-force in order to get shell on smasher? Has somebody got shell without brute-forcing?

by reading the files i found what i believe is the right piece i need, now to develop the poc and start debugging… curiouser and curiouser

@sbridgens said:
by reading the files i found what i believe is the right piece i need, now to develop the poc and start debugging… curiouser and curiouser

This machine is harder than I thought. BF does not seem to be the right way (on my own environment is already running second hour with 7 requests per second (I get DOS when I try faster). It was rather not meant to be BF for hours.
There must be another way. I found some “attachments” which look quite promising.

@macw141 said:

This machine is harder than I thought. BF does not seem to be the right way (on my own environment is already running second hour with 7 requests per second (I get DOS when I try faster). It was rather not meant to be BF for hours.
There must be another way. I found some “attachments” which look quite promising.

I’m in the same place. I have noticed that the server takes a long time to reply (if at all) to simple requests - so maybe it’s just that someone else is DOS-ing it.