Official Late Discussion

I’m having a problem rooting the machine. I found the .sh file and I know what to do, but when I try to run the reverse shell it always comes back to me as the svc user. Do you know why this is happening? Using pspy I noticed that it is running a different file, but it is in the /root directory. Any help with this part?

1 Like

Never mind, I pwned it. :sweat_smile:

I ended up needing to combine different fonts. I used Monospace size 30 kerning 1.0 for 80% of my payload and Arial size 30 kerning 0.5 for the remaining part of the payload. Was able to get a particularly helpful file that way.

So I finally got “ls” to work. But now that it is time for a reverse shell, the command is too long and the fonts get all messed up again. I am using Paint. Any help will be GREATLY appreciated. I have been on this one for far too long, and even though I know how to finish it, the thing will not work.

Looks like I’m “Late” to the party. I’m no stranger to pentesting but this one is new to me. Some comments suggest this is a really common exploit. Rather than hints, I wonder if someone could point me to some subject material for extra bedtime reading?

color: red
background-color: gray

with one of the most common fonts.

The Templated box will do you good.

hint:…Stephen Hibbert played this character in the Quentin Tarantino movie with Mace Windu and Grease Lightning!..

Keep trying! You may need to read the hint I gave below… you need “an object that can extend an individual’s ability to modify features of the surrounding environment”… hint hint…

This is so incredibly frustrating. The way the engine parses the thing you need to run is so unpredictable. Grateful for some hints. TIA!

I have the same problem.

I would recommend you run pspy and let it run for some time, and then you’ll see what the cronjob is doing.

If you would like to ask me how I did it, you can contact me on LinkedIn.
https://linkedin.com/in/edgar-loredo-313053178/

1 Like

Jeez. I’ve managed to get user after 9 hours of trying.

2 Likes

Took me some time to figure it out. Learned some things, great box overall. A bit tricky to get it working properly, but still a great way to learn about that type of vulnerability.

Root was pretty straightforward, you could actually figure it out without using any tool, but using that spy tool helped me understand things better and faster.

Available if needed, just PM or Discord.

Thanks

2 Likes

With monospace it's easier to distinguish characters, especially with a serif monospace font.
As the name implies, every character takes up the same amount of space, so it's easier for the OCR algorithm to pick up the correct characters in the correct positions. A larger font also improves readability.

Has anybody had an issue with this machine lately?
Suddenly my reverse shell stopped working…

I found GIMP to be much more helpful.

I only used a screenshot utility like flameshot (you can write text as well) and a text editor like mousepad in which to write my payload and take a snap. It worked well.

User: As everyone else said, I found the immediate issue to be around font choices: 27px Menlo was what I found most reliable. I built a small script to convert simple HTML into an image using “wkhtmltoimage” and then another to upload the produced image, so I could rapidly test things.

I found issues with the stability of getting a backdoor up and running though.

Root: This took me a lot longer than expected, not in the least due to issues with backdoor stability. If you’d like more hints or suggestions I’ll do my best.

How do I find the IP for images.late.htb?

1 Like