I’m stuck getting user. I can read files (at least 2 interesting ones found) and am able to log into a web app after cracking hashes. After reading about several auth mechanisms and trying several other things I’m out of ideas. I guess I overlooked something.
It would be great if one of you could give me a hint on how to continue. PMs are welcome. This post is a bit vague because I don’t want to spoil.
Many thanks to @incidrthreat and @Mumbai for this cool machine. I found the user part pretty hard but also useful for sharpening my fuzzing skills. And I learned at least one (bit crazy) new technique.
Getting root was also cool, but more straightforward in my opinion. For me it was necessary to reset the machine on two occasions in order to be able to continue (read above for problems with read-only access).
Rooted! Damn, this box for me was way harder than Smasher… Smasher was more logical, but has a bad rap because not many people know C/ASM/GDB, but I happen to be familiar since I’ve been a Unix admin for a long time, but this box on the other hand… O_o
Holy COW… What a ride… This box must have been a real treat to make.
I loved the detail.
Props to @incidrthreat and @Mumbai for making this. It was a real treat, learned a lot.
@evandrix Nah, whatever that is forget it. Once you buckle down and figure out the various paths, the box is as-advertised. Be prepared to actually read about and learn how a few things work. When you run into them you’ll know what I’m talking about. There are basically no shortcuts. If you’re stuck, invest some time in learning about how the thing you’re stuck on actually works in practice, not just in the context of a CTF.
I think the reason why there isn’t a lot of discussion about Oz is because there aren’t really any troll moves or tricks. You either know how ‘xyz’ works, or you don’t get user, let alone root.
Folks with development experience will have an easier time. Those with DevOps experience will have an even easier time.
Thanks guys, the box was really fun to build. @mumbai and I had a blast putting it together. We like being praised for our torturing techniques. xD
@rejoinder - You hit the nail right on the head. The various ways to get access to each app, to get user, and to get root were very intentional. Research is key and Oz will make you work for it. Even if you already know a tool or are familiar with a few methods, users are gonna have to buckle down and learn some new things about those tools and methods. Dust off those googlator skills folks.
I try to enumerate the web app and at least for one specific URL I receive what looks like a JSON reply. I can also raise a 500 on that request but not sure how to continue. Any good reads on this topic?
I am getting too many ciphers in different locations!!! But I am unable to detect what algorithm is used on those ciphers?? Am I on the right path??? PM me for a hint!!! Thanks in advance!!!
@Warlord711 said:
I try to enumerate the web app and at least for one specific URL I receive what looks like a JSON reply. I can also raise a 500 on that request but not sure how to continue. Any good reads on this topic?
If you see abnormal behavior (and an error 500 is abnormal) pay attention to how it was caused. Try to reproduce it and ask yourself what it could mean.