CTF - Machine

lol facepalm root. Bed, then breakfast, then coffee with a side of root.

Edit: well that took longer than it should have. Brainlock. Was so very very close for hours, had the pieces, then finally got it with a little nudge over the finish line. Nice and oldschool at the end.

I liked this box. Thanks!

@limbernie said:

Do you need to find the token string in order to generate the OTPs?

getting the token string is possible. it was late when i did it yesterday, so did not look into it that much. but from replies i got above it seems like something like that may be needed

@MrR3boot said:

Loved your creation @0xEA31. Great learning path for me. Though I’m still in progress, it’s a brainstorming puzzle which is really keeping me close to solving it.

Edit: Rooted :slight_smile:

Thanks a lot!

Sadly, I really did not enjoy this box. User was not to my taste at all. Although, root reminded me of an older box, but with a twist, Root > User.

Either way, thanks to the Donkeys Leader for the box :slight_smile:

I sorta ‘guessed’ the username from the comments. Now, how do I search for attributes in the four-letter directory service? Step up my enumeration game?

Very interesting box…

Find some sample search code that might be relevant and think about where to insert something malicious, in the style of sqli.

Rooted, thanks to help from that guy there ^^^. Really good box that inspired me to write a tool (doesn’t work here, kinda on purpose, kinda not, but if you know how to do what you need to, it can be tweaked that way). Anyway, good box; if you need help feel free to ask. It’s not as hard as you would think given the amount of points you get, but if you just stumble upon stuff it can actually make it harder because there’s a logic that’s supposed to be followed.

I’m trying to enumerate the 4 char directory service but I can’t seem to get any output. Can someone tell me if I’m wasting my time or is this the right path?

you are not wasting your time, you probably just haven’t satisfied all of your requirements.

I found a script that backs things up and I also found a way to exploit it, but I need some password to unpack it.

@Frinto said:
I found a script that backs things up and I also found a way to exploit it, but I need some password to unpack it.

Brilliant, how did you do it without getting banned?

Mate what? I did not understand a single thing you just said…

Finding the script involves enumeration, no? Enumeration with a tool gets your IP banned. That’s what I meant :lol:

Ah, no. I mean on the box itself. I already got ssh access.

I see. My bad :lol:

Hey, it seems that the username is somewhat guessable… I tried bruteforce with big throttle and I couldn’t find anything. I used some tool that extracts words from webpages… Tried to follow every link to find some information/username but no results. Any hints?

@Frinto said:

I found a script that backs things up and I also found a way to exploit it, but I need some password to unpack it.

you don’t need to, figure out what the script is doing, there may be an exploit that you immediately see when you google it, but that exploit is nothing more than a hint as to how to root the box

so stuck on the after login part…
error message hint is a bit vague, or i am missing the picture here

@w31rd0 said:
so stuck on the after login part…
error message hint is a bit vague, or i am missing the picture here

Same here :disappointed: but I got to admit, the extraction of the token string was really fun…

@w31rd0 said:

so stuck on the after login part…
error message hint is a bit vague, or i am missing the picture here

missing the picture, the error message tells you why you can’t do what you want.