davidlightman

About

Username
davidlightman
Joined
Visits
2,430
Last Active
Roles
Member

Comments

  • I could use a little nudge on initial foothold. I'll share what I have tried so far.
  • I finally rooted Player2 after three weeks of hard work. What can I say? I wish every box would make me go back to school like this. I feel much stronger now. Thanks @MrR3boot. Thanks @b14ckh34rt.
  • Hi all, I'm currently stuck on connecting to a storage service. Can't figure out the authentication method. May I ask for some guidance? I will show my attempts. Thanks! EDIT: and, as always happens, five minutes after posting I found the culprit…
  • It's even worse than that. Since _ is filtered, we can't even reach system() through Python subclasses, as shown in: https://nedbatchelder.com/blog/201302/finding_python_3_builtins.html Any idea, anyone?
  • Hi, I'm stuck on bypassing the second notice. I've tried anything I know about PHP (will not write it here to avoid spoiling). I could use some help in the right direction. Thanks!
  • I was wondering the same. Who rated this as easy? Rasmus Lerdorf?
  • I could use some pointers on this one. I tried common image steganography techniques and none seems to work. Thank you in advance!
  • Hi there, I extracted the payload in the HTA file, trying to be super careful not to mess things up. However, the resulting binary payload doesn't make any sense. Could any kind soul review my approach? Disclaimers: - I don't have Microsoft Office…
  • Great box! I learned about a very useful backup tool, which I plan adopting.
  • Cherrytree or Mindforger.
  • I haven't done the challenge yet (so I might be wildly off track), but if the binary is exposed through socat, it might interpret the 0x7f character (so frequent in 64bit addresses) as a DEL character, messing up the 0x7f... address and probably rui…
  • I haven't done the challenge yet (so I might be wildly off track), but if the binary is exposed through socat, it might interpret the 0x7f character (so frequent in 64bit addresses) as a DEL character, messing up the 0x7f... address and probably rui…
  • I could use some help with the challenge. I can debug the script, I think I know where the different "outputs" are stored, but I can't extract the text. Would anyone PM me so I could explain what I have done so far and what I am struggling…
  • Following with interest! As the challenge description says, this ain't no script kiddie one.
  • Finally rooted. Thanks to anyone who helped. Great box.
    in RE Comment by davidlightman October 2019
  • Did anyone do user the intended way? I couldn't find the "real" vulnerability. Would someone enlighten me? Disclaimer: I rooted the box.
  • Got user! On to root. Thanks to anyone who patiently helped.
  • I am completely stuck on initial foothold. I read the blogs, I tried all the obfuscations, (I think) I know what to do, but no payload is ever getting triggered. I could really use some help or a review of what I am doing. Thanks for your time!
  • Hold on! I might have found something.
  • Type your comment> @combinator said: (Quote) I "scavenged" the system for logs in the usual directories. I don't even have permission to read any file. The insect application also does not seem to provide any form of incident logs. I a…
  • You should have obtained a sensitive file. To view its contents, you should supply a credential. Since you don't have credentials, you have to obtain them somehow. Our old friend john may help.
  • I have RCE as user i*3. My understanding is that I have to move laterally to other users before I can get the user flag. I have enumerated the system as far as I could (find, grep, the usual stuff on the usual configuration and Web application files…
  • Yeah, I figured through git. Thanks!
  • Using the relevant tool I get a backtrace about wrong timestamp format. Has anyone experienced this issue?
  • I made some progress, I think. I can distinguish library code from binary code. I know how the binary was compiled. I have identified the function that asks for some input. I have somehow reconstructed the first steps of the program. Now I am stuck …
  • Hi all, I need some help with the challenge. I can share in PM my approach and what I have tried so far. Thanks!
  • What kind of magic is that :open_mouth: ? Amazed.
  • Solved, thanks!
  • Well, deobufscation more than crypto...
  • Ah, so there's some crypto in there!
Avatar

Howdy, Stranger!

Click here to create an account.