Thread subject: Security Override :: prev03

Posted by allan143 on 06/06/2013 11:21:29

hi all.
i can't figure out how to start on this one. could anyone give me a hint pls??

Posted by tiburtio on 06/08/2013 08:55:19

me too... i do not know what to do?...i hope someone gives us something to start...i really do not know this one..

Posted by allan143 on 06/08/2013 09:11:08

is see the two files in the home directory. but all things that i tried didn't work. give me a hint pls what to do with them. fell free to pm me

Posted by CrashOverron on 06/08/2013 10:29:34

dont over think this challenge. idk how to really help you without giving an answer but what if you can pass other types of input other than text to that script in the simulation?

Edited by CrashOverron on 06/08/2013 10:36:59

Posted by Abhinav2107 on 06/09/2013 14:50:11

Remember, the mission title says Priviliged Service. So, you might wanna look into the available services in the mission.

Posted by allan143 on 06/10/2013 12:06:28

thanks for the help guys. but i couldn't get the solution. maybe i overthink this chall way to much.

Posted by thefinder on 07/03/2013 05:04:16

Hi, the avalaible services are in the home directory?
Or I have to find them elsewhere?

Posted by Abhinav2107 on 07/03/2013 05:24:02

They're in the /home directory.

Posted by zediwon on 07/03/2013 07:21:15

you said there are two files in the home directory... try executing the files on the file you need to be escalated to view. as CrashOverron said i don't know how to give away hints without the answer but their are those files for a reason, cause it is simulation. execute the one... ;)

Posted by neoxquick on 09/06/2013 18:57:46

how about posting some links to get the idea.. its probably somekind of exploint with .txt and .h.... putting all together ...

guys i need something more of you .. really stuck on this one.. you can give me links to read

Posted by Teddy on 09/08/2013 05:50:12

Let me quick point out two things
1. There can be programs who execute with a higher priv level than you have. This behavior will be exploited often in priv escalation.
Local Buffer Overflows can be used for example to get a shell which runs with the privs of the exploited service rather than with your own privs. BOF are not the topic of that challange, though. But it should give you an idea what a goal of a challange should be. To use a given program and his privs to execute sth you could not.

2. The challange is simulated. That means. If there exists a file, program or sth else you most likely need it to pass the challange

Edited by Teddy on 09/08/2013 05:51:01

Posted by Abhinav2107 on 09/09/2013 05:36:12

And note that not all "inputs" will work with the program. As Teddy said, it's simulated.

Posted by MyYe on 11/20/2013 03:51:49

I still need some help with this. It bugs me that I can't get feedback from the system, so I can't tell if a command is typed wrong or does the command even exist on the simulation.

Unix is fairly new to me, and I've tried all sorts of piping and redirection, but nothing gives me anything. I can't figure the usage of the services in /home and where to apply them. [service] [path to file]? Should I be in some specific directory to be able to run them? Just typing [service name] doesn't give me anything, not even a "parameter is missing"-message. What am I missing?

Posted by fr0x on 11/20/2013 12:46:55

Here's the thing,
thr r two files in the home directory.
so probably thr is a program which runs with higher priv then which u currently have.
Just think for a minute what the program actually does.
Then use it to get the passwords.

Posted by allan143 on 11/24/2013 09:48:31

could i send somebody a Pm with the things i've tried. would like to know i'm in the right direction or not.

Posted by Abhinav2107 on 11/24/2013 12:11:22

PM away

Posted by mpour on 01/02/2014 03:58:24

i d like to know i have to change chmod or not?

Posted by Teddy on 01/02/2014 08:13:47

You don't have to change chmod. In fact chmod command does not exist in that simulated environent

Posted by mpour on 01/02/2014 08:59:07

Teddy wrote:
You don't have to change chmod. In fact chmod command does not exist in that simulated environent

i know i have to privilege my permission, i searched and found that by "su - " command i can do it, but when i used it it didnot work.
hint me! :(

Edited by mpour on 01/02/2014 09:06:27

Posted by Teddy on 01/02/2014 09:28:52

hint me!

There are enough hints given in this thrad, Just have a look what fr0x, I and Abhinav2107 wrote above.

Posted by VK on 08/17/2014 14:17:45

Teddy wrote:
hint me!

There are enough hints given in this thrad, Just have a look what fr0x, I and Abhinav2107 wrote above.

I've passed like every argument I can think of to .bashrc. Is this in the right direction?

Posted by t4r4t3ux on 09/14/2014 20:50:33

Teddy, fr0x, Abhinav2107, yeah! FINALLY! But for this, i read a lof of privilege... wow. a LOT! haha :D Thank you for this amazing and usefull challenges! B)

Posted by Zenithes on 11/07/2014 10:01:35

Excuce me, after reading Teddy, fr0x, and Abhinav2107 's post, I still have no idea.
It seems that program use its parameter as a string which ends up with a space, so pipeline is not working.
And I find that # , + , and & are not working, perhaps because of their use as parameters in url.
Is there anyone would like to give me some hints or something to read that can guide me to the solution?