Official OpenKeyS Discussion

@iampachinko said:

Is it RE?

Who knows; if I answer that, all the fun of the box will be gone.

Root!

uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)

@Caracal

Much appreciated, thanks for the confirmation and steer towards some relevant learning.

kinda struggling with root, anyone got a hint?

Really interesting machine, learned some new skills, thanks @polarbearer and @GibParadox!

openkeys# id;whoami;hostname
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
root
openkeys.htb
openkeys# 

Feel free to DM for NUDGES! :wink:

@OrkaThaHacker said:

kinda struggling with root, anyone got a hint?

If you’ve done user, the root part is straightforward before even getting on the box. Come back to your notes and also maybe the different articles that you have read for the first part.

I am working on root myself. I am working on more enumeration at the moment. I have a path for elevation (I believe) but looking for credentials.

Never mind what I stated, not the correct path…

I’m struggling with the RE bit, most functions appear to be useless and the only one with an interesting name is undefined, so I can’t see how this binary could be of any use, or how to dig deeper. Any hints?

@Baud
No need for full RE, it helps with enumeration and googling… but no need to de-compile etc.

Only just got foothold/user myself after spending ages learning gdb and stepping through the executable.

As others have said before me, look for more obvious attack vectors from your enumeration, but a topical look at that binary is enough coupled with what enum should turn up to give you a possible path to google about.

pm for hints

Rooted.
No need for RE. It's more about RCE than RE.
Feel free to DM for nudges.
You can connect with me on Telegram under hawksvision.

Definitely, that RE is a rabbit hole. Stuck more than a day.

If you people are doing RE, my honest suggestion is: don’t do that. I think the creators of the box are fans of rabbit holes. Their previous box "Admirer" also has a bunch of rabbit holes. Come on. Don’t do RE if you want to own the box.

Remove if it is a spoiler.

Rooted.
I got stuck at the user part a bit. I was blind. Didn’t do enough enum :frowning:. Thanks @alienum for opening my eyes.

As far as root goes, I think it was kind of easy. As long as you enumerate well, and Google is always our friend :wink:
No RE for this matter…

Rooted. Quite interesting box. The hardest part of my journey on this box is the OPENingKEYS.

Knock my inbox for hints.

openkeys# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)

Rooted. Feel free to pm for hints.

Rooted!
If anyone needs help, PM :slight_smile:

Rooted. The foothold is the hardest part :slight_smile:

Rooted!
Cool box!