Obscurity

Spoiler Removed

Spoiler Removed
Sorry

If you’re struggling with crypto don’t give up.
Read carefully how the script is encrypting data and how it’s using the key.
If you’re not familiar with Python scripting, well, the key can be “cracked” manually in 20 minutes.

Is the box broken or something? Not getting any response from the services.

User was fun :slight_smile: Now on to root

4 minutes later: root was a bit disappointing

Need some help regarding the server

root@Obscure:~/#
Great Box.
I enjoyed the challenges :wink:

Foothold :

See what the function is doing and where it is interacting.

User : Easy Small Challenge

Root : Not sure what to suggest, as I did it the unintended way.

Thanks @clubby789 for this box!

root easy way: patched
(rooted on catch way too)

Root… I love this box - I’m a software developer and it was a nice one for me :slight_smile:

Feel free to PM for help

Done. Fun for juniors like me and straightforward. User harder, root simpler.

Used gobuster, dirbuster, ffuf, wfuzz and Intruder, still nothing
a small hint would be nice… please send me a PM…
thx

@madhack said:

> Used gobuster, dirbuster, ffuf, wfuzz and Intruder, still nothing
> a small hint would be nice… please send me a PM…
> thx

Just look for a specific path

found it, thx people!

Any proper hints available on how to find or where this “key” is? Really don’t like this box and it’s taking me triple the time it should due to 100% being Python :frowning:

Just Rooted. I think in the unintended way since it was really too easy.

Guys, need a nudge… Found what command to exploit… copied and ran this server on my local machine… tested my exploit string… and it worked… but it doesn’t work on the Obscure machine… what do I miss??? It returns a 404 error and shows my string, which passes into that func correctly… but doesn’t give a reverse shell…

Box patched now. Root part is harder.

Hint for root :
Code auditing. It’s sad you can’t read the file quickly enough.

There are multiple ways for root using the py script. I found one not involving anything py at all.

There are at least 4 ways…