Official Ophiuchi Discussion

Pretty fun box. Definitely learned something new even if a lot of it was already on Github.

I had never heard of the thing needed for root before this - but it is fascinating.

Thanks @felamos - I actually enjoyed reading up on this.

Guys, is that normal if github.com/wasmerio/wasmer-go/wasmer is not recheable anymore ? Cause it make the machine unpwnableā€¦

Type your comment> @m1tch404 said:

Guys, is that normal if github.com/wasmerio/wasmer-go/wasmer is not recheable anymore ? Cause it make the machine unpwnableā€¦

The link works fine and plus thatā€™s not the only tool on GitHub that you can use to edit the binaryā€¦

@m1tch404 said:

Guys, is that normal if github.com/wasmerio/wasmer-go/wasmer is not recheable anymore ? Cause it make the machine unpwnableā€¦

That seems to still be available on github but to confirm @sicario1337ā€™s point - I didnā€™t use this tool.

Type your comment> @m1tch404 said:

Guys, is that normal if github.com/wasmerio/wasmer-go/wasmer is not recheable anymore ? Cause it make the machine unpwnableā€¦

Just go up a dir or two with that link, then you find the repo. But you donā€™t really need it anyway.

Thanks you all for your returns but didnt need this tool, actually it is used by the only program I can run (donā€™t want to spoil) ā†’ line 5 in the import section. So it returns me a ā€œcannot find packageā€ errorā€¦

Foothold: Donā€™t believe everything. And google is your friend. Actually read the errors.

Local: Very basic enum.

root: More basic enum to find the obvious goal. Getting the ball over the finish line takes a bit of studying. The creators of this technology have everything you need.

Just rooted the box. Feel free to pm me for questions.

Hello, I have some trouble with my reverse shell.
The server downloads the "META-/s*/..Factory and snake/**.class but I donā€™t think the payload is runningā€¦
Can I have some hint ? :smile:

Type your comment> @m1tch404 said:

Thanks you all for your returns but didnt need this tool, actually it is used by the only program I can run (donā€™t want to spoil) ā†’ line 5 in the import section. So it returns me a ā€œcannot find packageā€ errorā€¦

The program youā€™re talking about can definitely be executed. I havenā€™t solved how to get it to do what I want yet, but you should double checkā€¦
You can run that program without importing/installing anything. Donā€™t know if the thing it is importing will be useful later, though

id
uid=0(root) gid=0(root) groups=0(root)```
Very good machine, I have learned a lot in the process to get root. Recommended to find a way to make the m*.w* file "understandable". Any hints PM. 

this is a fun machine, and i finally managed to rooted it
if any of you guys need any hint just DM me, im willing to help you :blush:

I finally managed to root the machine. I spent a lot of time trying to compile stuff for the root part, but there is an easier solution. If you need any help let me know.

Type your comment> @PrivacyMonk3y said:

My advice for you guys trying to get footholdā€¦ if you get a 500 debug/dump screenā€¦ read all the way through itā€¦ lol donā€™t be like me.

This has saved me so much time and frustation because I was about to give up and thought to check the forums once! Thanks !!!

~~I find a sn**yaml payload and try to get a reverse shell, I add a simple nc in the payload and it can connect to my local pc, but any other reverse payload canā€™t work. Also tried to download the exp to the machine, but when try to execute it ,it doensā€™t work. ~~

Edit: Get the foothold finally, I should use a definite address in the payload. The user is simple to get, working on the root now.

Wondering if anyone could help on foothold. I got past the 500 errors but reverse shell isnā€™t working. Connects up but canā€™t execute commands. I assume there is a problem with the payload.

Ended up figuring out payload: had to run two services at once for it to play nice though. User is trivial from there if you explored the site a bit. On to rootā€¦

Kinda stuck on the root part. Tried compiling myself, didnā€™t work for some reason. Didnt find the package needed for compiling on the box either. Any help will be appreciated.

Hi, i managed to manipulate the request and i can make the machine download my files, but every reverse shell i try i donā€™t get the connection, can you give me any nudge?

i managed to get a simple nc without commands and without the ā€œ-eā€

Edit (SOLVED):

Big Up to @sicario1337 , i am on my way to root

Type your comment> @Meise said:

Hi, i managed to manipulate the request and i can make the machine download my files, but every reverse shell i try i donā€™t get the connection, can you give me any nudge?

i managed to get a simple nc without commands and without the ā€œ-eā€

Hey Meise!.. whereā€™ve you been? long time hey!

PM what youā€™ve done and how you doing it :wink:

From what I can tell so far the YAML parser is at least meant to work. Anyone else getting a blank page with ā€˜Due to security reason this feature has been temporarily on hold. We will soon fix the issue!ā€™ everytime they post something to the Yaml servlet?