Official Bagel Discussion

Official discussion thread for Bagel. Please do not post any spoilers or big hints.

2 Likes

Curiously it was not hard to find a vulnerability, it only is to get anything from it :laughing:

One more machine starting, I wish for everyone the best luck :heart:

1 Like

The owns amount is understandable, there is a time when you hit a wall, but the topic not having any message in an almost 8 hours period really scares me :fearful:

The box is pretty difficult. Most people are probably super close to a foothold, but don’t want to say anything without spoiling for others. I think I’m on the right track for it, I’ve been doing a LOT of Google searches and trying different ideas to get away from Jason Voorhees.

I would say that this machine was quite interesting, I was able to learn a few things from it.
For anyone stuck feel free to PM.

Imagine me who slept in front of my computer while reading how to get past it :laughing:

Bagel is a good machine, straightforward I should say, my best hint is be aware of the details, I needed to read the same function three times before I noticed there was something odd, not to mention that I searched every single corner of the library before getting to it

In one way or another, for anyone coming, if you happen to need help or don’t understand something, just send me a message, R is always here :heart:

2 Likes

Hello R, do you mind if I DM? Need some guidance as to what tools I should be using for the part that I imagine gets a foothold. I have “the file” needed, but not sure how to start taking a closer look.

Of course, I can help you whenever you need :relaxed:

2 Likes

Popped; curious as to how other people got a foothold? I extensively used proc to leak info, which felt kind of unorthodox

Wow I really loved that box. One part in particular took me a long time but I learned a lot. Pm me if you need help

And one more box rooted! :smile:
I think getting the foothold was the hardest part of the machine. If anyone needs a hint feel free to PM me

1 Like

Totally agree with what @XSSDoctor and @lim8en1 said.

If you get access to the binary and decompile it with dnSpy, but don’t know how to exploit it, I suggest you set up a Windows VM and debug the binary.
From what I have experienced, the process is tough.

But if you look carefully, you will notice that one function has a different return type.

4 Likes

Yea, I had to set up a windows vm to play around with code and try out different things. I think that makes this machine really nice that you have to understand this vulnerability (how to find vulnerable code, what can be placed in payload, etc) and write something custom.

This machine was great. Went down a rabbit hole. But eventually rooted!

Straightforward box with all its difficulty concentrated on one particular step. It’s like you’re walking on a somewhat flat path in the woods and all of a sudden you have to climb to the top of a mountain, and then the path becomes flat again.
Honestly, identifying the vulnerability is pretty easy if you know your basics, but how you exploit it here… if you didn’t do it before I highly doubt you can find it by yourself (I did not, even though I think I’ve read pretty much everything there was to read about it lol).
Thank you for the box :slight_smile:

1 Like

Rooted. If anyone is experiencing issues with missing config files while debugging the app, you can DM me.

Hey everyone !

I’m currently stuck at making the application run on my Windows VM in order to test and find a working payload. I can start the bagel.dll, port 5000 is opening, but when I try to send something to it, I have no answer. It seems that my websocket server isn’t really working. I also downloaded the necessary dll the same way as downloading bagel.dll.

Can I DM anyone? Thank you in advance!

You can DM me :slight_smile:

For people saying that you must run it in windows, you can do this whole thing in linux easily.

NuGet Gallery | ilspycmd 7.2.1.6856 works great. It’s a dotnet core app and is not in any way windows-native. You can build and run it on your kali just fine and if you stare at the code long enough it should become obvious :slight_smile:

1 Like

Bake the bagel on your own machine, and it will work well.