New syscall enabled Go to the The BrownOS challenge
Global Rank: 1
Totalscore: 759074
Posts: 437
Thanks: 496
UpVotes: 469
Registered: 15y 122d
The User is Offline
New syscall enabled
Sep 08, 2018 - 17:46:17 (6y 79d)
Sep 08, 2018 - 17:46:17 (6y 79d)
Have you heard? There is a new version of BrownOS out!
It has a whole new syscall, but I haven't been able to figure out its purpose yet. Seems pretty useless so far...
It has a whole new syscall, but I haven't been able to figure out its purpose yet. Seems pretty useless so far...
Global Rank: 227
Totalscore: 94366
Posts: 1680
Thanks: 1358
UpVotes: 920
Registered: 16y 284d
Last Seen: 1d 8h
The User is Offline
RE: New syscall enabled
Sep 10, 2018 - 18:09:02 (6y 77d)
Sep 10, 2018 - 18:09:02 (6y 77d)
I still cant figure out that something might be the cmd to interrupt and transfer my parameters to the kernel
maybe someone can code something up?.
maybe someone can code something up?.
The geeks shall inherit the properties and methods of object earth.
Global Rank: 5
Totalscore: 549519
Posts: 220
Thanks: 227
UpVotes: 231
Registered: 15y 38d
Last Seen: 11h 27s
The User is Offline
RE: New syscall enabled
Sep 10, 2018 - 18:27:59 (6y 77d)
Sep 10, 2018 - 18:27:59 (6y 77d)
Wait... there is a kernel!? 
Global Rank: 551
Totalscore: 45801
Posts: 220
Thanks: 208
UpVotes: 218
Registered: 13y 345d
The User is Offline
RE: New syscall enabled
Sep 10, 2018 - 19:06:11 (6y 77d)
Sep 10, 2018 - 19:06:11 (6y 77d)
Quote from GizmoreSep 10, 2018 - 18:09:02
I still cant figure out that something might be the cmd to interrupt and transfer my parameters to the kernel
maybe someone can code something up?.
You wanted come CLI script which easily sends data to the service?!
Here is one:
GeSHi`ed Python code for brownos.py
1 2 3 4 56 7 8 9 1011 12 13 14 1516 17 | import re import time import socket sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)sock.connect(('wc3.wechall.net', 61221)) while True: data = raw_input('Cmd?:') data = re.sub('[^A-Za-z0-9]', '', data) data = re.findall('..', data) data = ''.join([chr(int(x, 16)) for x in data]) print('Sending: %r' % (data,)) now = time.time() sock.send(data) print('Received: %r' % (sock.recv(10000), )) print('Execution took: %.2f seconds' % (time.time() - now)) |
GeSHi`ed Plaintext code
1
2
3
4
5 | Cmd?:05 00 FD 00 05 00 FD 03 FD FE FD 02 FD FE FD FE
Sending: '\x05\x00\xfd\x00\x05\x00\xfd\x03\xfd\xfe\xfd\x02\xfd\xfe\xfd\xfe'
Received: ''
Execution took: 18.26 seconds
Cmd?: |
Contact only via c3BhY2VAd2VjaGFsbC5uZXQ= or PM...
Windows can be secure... but only if you don't use it
Windows can be secure... but only if you don't use it
Global Rank: 1
Totalscore: 759074
Posts: 437
Thanks: 496
UpVotes: 469
Registered: 15y 122d
The User is Offline
RE: New syscall enabled
Sep 10, 2018 - 19:12:14 (6y 77d)
Sep 10, 2018 - 19:12:14 (6y 77d)
SPOILER ALERT
Global Rank: 794
Totalscore: 32552
Posts: 74
Thanks: 38
UpVotes: 48
Registered: 6y 295d
Last Seen: 3y 159d
The User is Offline
RE: New syscall enabled
Sep 10, 2018 - 21:26:52 (6y 77d)
Sep 10, 2018 - 21:26:52 (6y 77d)
Quote from GizmoreSep 10, 2018 - 18:09:02
I still cant figure out that something might be the cmd to interrupt and transfer my parameters to the kernel
maybe someone can code something up?.
In Bash:
echo 00 01 02 03 ... | xxd -r -p | nc wc3.wechall.net 61221 | xxd
The spoiler being that the service takes binary input. But that has been devulged elsewhere, so not much of a spoiler.
Hint: If you give it good input, you get good stuff back... Now, what is good input? ;)
UnQuaiz, dloser, Redknee, ckclark, tunelko, silenttrack, n0tHappy, nonfungiblesecurity, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri, csuquvq have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 4129 times.
1 people are watching the thread at the moment.
This thread has been viewed 4129 times.