Tried RE the file but no luck, tried command injection on the found php file but probably prevented by escapeshellcmd. Bit stuck, perhaps trapped in a rabbithole?
same here. found an interesting function name in the file, but can’t find additional info about it. Any hints?
For foothold: don’t blind yourself to what’s in front of you. Sometimes, the thing that you’ve been looking for has been right there all along. Who is responding to your request?
@m4lwhere if you want to get it executed on OpenBSD, ensure you are using correct arch/instruct as well…
thank you, I believe that is the problem I’m having. troubleshooting continues…
edit: it is unnecessary to get that deep into the program, simple enumeration of it is necessary. I overlooked this during my initial examination then got lost setting up new openbsd vms ?
Hmm ok RE looks likely, first time ever for me, anyone got some good starting points to learn the basics of ELF RE? Spent an hour googling so far, but if anyone has a leg up on how to use and understand the tools (ghidra / gdb etc) that’d be appreciated.
Keep getting stuck on “No such file or directory” - possibly libc 95 ?
Not making sense to me but always keen to learn.
Please remove if it’s in any way a spoiler, but seeing as I haven’t even got foothold… thought it was ok.
It’s indeed concerning libc, you need the right version.
About how to use the tools you can check LiveOverflow channel on YouTube, you get the basics of gdb, other debugging tools and ELF RE.
If you’ve done user, the root part is straightforward before even getting on the box. Come back to your notes and also maybe the different articles that you have read for the first part.
I’m struggling with the RE bit, most functions appear to be useless and the only one with an interesting name is undefined, so I can’t see how this binary could be of any use, or how to dig deeper. Any hints?
@Baud
No need for full RE, it helps with enumeration and googling… but no need to de-compile etc.
Only just got foothold/user myself after spending ages learning gdb and stepping through the executable.
As others have said before me, look for more obvious attack vectors from your enumeration, but a topical look at that binary is enough coupled with what enum should turn up to give you a possible path to google about.
If you people are doing RE. My honest suggestion is: don’t do that. I think the creators of the box are a fan of rabbit-holes. Their before box "Admirer" is also having bunch of rabbit holes. Come on. Don’t do RE, if you want to own the box.