Official Late Discussion

I’m struggling with finding the right font and size… can someone help pls.

2 Likes

I don’t know if it’s that important, but I used Arial 24 @ 1600x800.

apt-get install ttf-mscorefonts-installer

After 50+ inconsistent tries, I increased the kerning to 1.0 and it worked immediately.
I also like to imagine that adding some random text before and after was helpful.

The box is very easy, it’s just a test of patience… Which I don’t like, since it’s not a matter of skill or experience. Hints are painfully obvious, path to root pops up like a firework in our dearest local enum tool. Literally 5-10 minutes of enum/exploit work, and 3 hours of finding the magic settings to be recognized.

8 Likes

What image editor software are y’all using? I’m just using online websites since I don’t have MS paint since I use a Mac. Is there any better software or some good website y’all recommend? I already know the attack path, index number of s********s.p***n, and have tried over 100 times to get the thing to work, and it only worked successfully once where I received an object back.

This is the worst box ever made. I hate this. Arial 24 doesn’t work. Courier Best Font!!!

  • This message was paid for by the Courier Gang™

Root was silly

2 Likes

After the nudge from tec I found that the type of font became almost (almost) irrelevant. In F’s case though, size really does appear to matter!

Do you think it is really worth the 20 point machine? If it is, I’m 1 step closer to getting OSCP ^^

Did you run into any kind of upper size limit? I’ve generated maybe 50 submissions at this point but still can’t pass anything more complicated than wh**** without running into syntax errors not associated with the passed command. Underscores seem to be the real killer.

Ha, yes, underscores absolutely were the worst. No upper limit for char size, as long as it is readable. Beware though, I found that syntax rules also came into play once you passed a certain size.

1 Like

I am still struggling with the underscores, too. Even at 350pt font size. Giving up now, because there seems to be nothing valuable to learn from this box but frustration tolerance and my desk has enough bite marks already…

2 Likes

I forgot to mention. I’d never even heard of this software before and so had to research it. During this research, I found that there is also an HTB Challenge that can be completed. That challenge taught me everything I needed to know in order to gain a foothold on Late. Well, that and the nudge from tec :wink:

recommendation: use white background with black text

1 Like

Can someone give me a hint? After uploading a file, even if I change its extension, I receive that error message …/svc_***/… You all are talking about the backend font but I can’t get the click of it.

1 Like

Hi Hangman. Have a think about what is happening and try some different images :wink:

…and rooted.

Foothold was frustrating. Root was classical. Nice box.

Foothold: Follow the clues, fairly obvious hint provided about the webapp. Use that hint to find a common exploit associated with it, but in order to exploit it you’ll have to convert your thinking (perhaps several times to get it right). Read what you need to get user.
Root: Awesome enumeration tells you what you need to know, spying helps too.

I figured out the vulnerability for RCE early on but it took me a while to get the nuances just right. But I must be brainfarting if root is so straightforward. The only thing that stood out from Awesome enumeration and spying (if I’m reading the hints correctly) was not an absolute attribute but I can’t seem to find the right path. Am I on the right track?

The path you’re on is correct, but there may be other relative things to try. It takes a few minutes, be patient.

What was the name of the HTB challenge? I would like to work on that first. Thank you!

2 Likes

I’m stuck, please, I need help.

I’m at the point where I can get the HTTP response to be

“mytext”

but don’t know how to go further. Any hints or advice would be appreciated!