New syscall enabled Go to the The BrownOS challenge
Global Rank: 1
Totalscore: 759092
Posts: 437
Thanks: 496
UpVotes: 469
Registered: 15y 107d
The User is Offline
New syscall enabled
Sep 08, 2018 - 17:46:17 (6y 64d)
Sep 08, 2018 - 17:46:17 (6y 64d)
Have you heard? There is a new version of BrownOS out!
It has a whole new syscall, but I haven't been able to figure out its purpose yet. Seems pretty useless so far...
It has a whole new syscall, but I haven't been able to figure out its purpose yet. Seems pretty useless so far...
Global Rank: 246
Totalscore: 88161
Posts: 1673
Thanks: 1356
UpVotes: 912
Registered: 16y 269d
Last Seen: 16s
The User is Online
RE: New syscall enabled
Sep 10, 2018 - 18:09:02 (6y 62d)
Sep 10, 2018 - 18:09:02 (6y 62d)
I still cant figure out that something might be the cmd to interrupt and transfer my parameters to the kernel
maybe someone can code something up?.
maybe someone can code something up?.
The geeks shall inherit the properties and methods of object earth.
Global Rank: 5
Totalscore: 549541
Posts: 220
Thanks: 227
UpVotes: 231
Registered: 15y 23d
Last Seen: 6h 38m
The User is Offline
RE: New syscall enabled
Sep 10, 2018 - 18:27:59 (6y 62d)
Sep 10, 2018 - 18:27:59 (6y 62d)
Wait... there is a kernel!? 
Global Rank: 551
Totalscore: 45801
Posts: 220
Thanks: 208
UpVotes: 218
Registered: 13y 330d
The User is Offline
RE: New syscall enabled
Sep 10, 2018 - 19:06:11 (6y 62d)
Sep 10, 2018 - 19:06:11 (6y 62d)
Quote from GizmoreSep 10, 2018 - 18:09:02
I still cant figure out that something might be the cmd to interrupt and transfer my parameters to the kernel
maybe someone can code something up?.
You wanted come CLI script which easily sends data to the service?!
Here is one:
GeSHi`ed Python code for brownos.py
1 2 3 4 56 7 8 9 1011 12 13 14 1516 17 | import re import time import socket sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)sock.connect(('wc3.wechall.net', 61221)) while True: data = raw_input('Cmd?:') data = re.sub('[^A-Za-z0-9]', '', data) data = re.findall('..', data) data = ''.join([chr(int(x, 16)) for x in data]) print('Sending: %r' % (data,)) now = time.time() sock.send(data) print('Received: %r' % (sock.recv(10000), )) print('Execution took: %.2f seconds' % (time.time() - now)) |
GeSHi`ed Plaintext code
1
2
3
4
5 | Cmd?:05 00 FD 00 05 00 FD 03 FD FE FD 02 FD FE FD FE
Sending: '\x05\x00\xfd\x00\x05\x00\xfd\x03\xfd\xfe\xfd\x02\xfd\xfe\xfd\xfe'
Received: ''
Execution took: 18.26 seconds
Cmd?: |
Contact only via c3BhY2VAd2VjaGFsbC5uZXQ= or PM...
Windows can be secure... but only if you don't use it
Windows can be secure... but only if you don't use it
Global Rank: 1
Totalscore: 759092
Posts: 437
Thanks: 496
UpVotes: 469
Registered: 15y 107d
The User is Offline
RE: New syscall enabled
Sep 10, 2018 - 19:12:14 (6y 62d)
Sep 10, 2018 - 19:12:14 (6y 62d)
SPOILER ALERT
Global Rank: 791
Totalscore: 32552
Posts: 74
Thanks: 38
UpVotes: 48
Registered: 6y 280d
Last Seen: 3y 144d
The User is Offline
RE: New syscall enabled
Sep 10, 2018 - 21:26:52 (6y 62d)
Sep 10, 2018 - 21:26:52 (6y 62d)
Quote from GizmoreSep 10, 2018 - 18:09:02
I still cant figure out that something might be the cmd to interrupt and transfer my parameters to the kernel
maybe someone can code something up?.
In Bash:
echo 00 01 02 03 ... | xxd -r -p | nc wc3.wechall.net 61221 | xxd
The spoiler being that the service takes binary input. But that has been devulged elsewhere, so not much of a spoiler.
Hint: If you give it good input, you get good stuff back... Now, what is good input? ;)
UnQuaiz, dloser, Redknee, ckclark, tunelko, silenttrack, n0tHappy, nonfungiblesecurity, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 4102 times.
1 people are watching the thread at the moment.
This thread has been viewed 4102 times.