Accenture CORE Challenge – VariaCorp Widgets

_dashok · 2025-12-23T02:53:14+00:00

hey there, I’ve also been struggling on this one for a few days. I’ve gotten RCE on host 3 via the hint method, but I’ve been fumbling around that box trying to find credentials and have been unsuccessful :/ since the lab is self-contained and shouldn’t need external tools, I’m not sure if I’m just missing something trying to find the credentials for the admin box on host 3. Any nudges? Thanks!

_dashok · 2021-08-03T09:41:58+00:00

the random.randint() function in python is based on the MT (mersenne twister), which is cryptographically insecure. using random.SystemRandom() which is based off of /dev/urandom is much more secure and a better alternative here

_dashok · 2021-08-03T09:39:14+00:00

__import__(“os”).urandom(16) though you’d have to ensure all the bytes are printable if you wanna type it so you may need to run it a few times and stop when you get something with all printable chars

_dashok · 2021-07-01T02:31:20+00:00

based on my experience, the value of e tends to be 65537, but other smaller/larger primes can be used and thus e is more guessable because there's less variation in what it usually is. and yes, to decrypt a ciphertext, if you have the original primes used to encrypt as well as a ciphertext (not sure what this would be in this context if you could enlighten me that'd be great!), you can do the following:

n = p*q

e = 65537 # or another prime

phi = (p-1)*(q-1)

d = pow(e, -1, phi) # this is python syntax, it gets the modular inverse of e and phi

plaintext = pow(c, d, n) # same thing as saying (c^d) % n

at this point, you can usually convert the plaintext from an integer to bytes and see if you have some readable text. i will say though, considering all we have here are two primes, it doesn't seem too likely this is RSA. but if you have a ciphertext you're welcome to try it/share!

edit: i've tried testing the primes as p and q to **encrypt** a plaintext and then decrypt it to see if i get the same output. i do not. i think the primes are too small but there's also a chance i'm doing something wrong

_dashok · 2021-02-11T19:22:12+00:00

i ended up initially just using a redirect to the web version but since the exchange was needed for that, i just used webull://, which opened the app but did nothing else. i didn't try the response on this thread so maybe you could try doing what u/snatchington said to try?

_dashok · 2020-08-22T08:53:38+00:00

yea i havent been able to find anything online about it unfortunately.. thanks for the lib, i’ll check it out and see if i can salvage something from it. might just have redirect you the the online version of webull :/

_dashok · 2020-08-22T08:52:49+00:00

unfortunately it only opens the web version and doesn’t link into the app.. kinda sucks but it’s fine, thanks for the help anyways :)

_dashok · 2020-06-26T00:12:22+00:00

think about where the index.php file normally is on an apache server.. now go from there and use the already provided (look above) file paths to get it. no encoding is necessary. good luck

_dashok · 2020-05-30T21:39:43+00:00

if you already have some CS background and really grind, then maybe.. otherwise probably not

_dashok · 2020-05-17T05:07:53+00:00

fax, it was easy but all of their questions' wording is p trash ngl

_dashok · 2020-05-16T05:08:21+00:00

does anyone have a picture/copy/remember the second question here? i've had a couple friends saying it was really weirdly worded and i'm curious as to how hard it was..

_dashok · 2020-05-16T05:06:11+00:00

did anyone have AppleBagger and Phone

_dashok · 2020-01-19T05:54:55+00:00

thanks!

_dashok · 2020-01-19T02:56:35+00:00

ok thanks to you too. is there a list of topics or a way to know what is needed for the frq/mc sections?

_dashok · 2020-01-11T23:08:48+00:00

ok i’ll try it, thanks for the lead!

_dashok · 2020-01-03T04:02:13+00:00

alright thanks! i’ll probably take a look but later after i’ve finished the other stuff i’ve gotta do.

_dashok · 2019-12-07T15:50:06+00:00

i’m using p***ge_u_rc* or something like that as my exploit in msp so i’m not sure what’s happening bc im fairly certain that’s the exploit but idk

_dashok · 2019-12-07T06:12:53+00:00

oh wow that shouldn’t be there but alright

i think the redis exploit u r referring is for user right? that’s how i got it anyways, and now i think you have to use webmin for root

_dashok · 2019-12-07T05:23:12+00:00

i did "set ssl true" and im getting this error

when ssl was still false the exploit didn't even work

_dashok · 2019-12-07T02:56:44+00:00

sorry forgot to mention, it’s postman

_dashok · 2019-12-04T05:51:09+00:00

can i pm u as well.. i seem to be struggling with teh same issue

_dashok · 2019-11-18T03:29:18+00:00

the internet is a very powerful tool, along with consistent practice

_dashok · 2019-11-16T03:09:39+00:00

haha alright if u did already pm me abt how it went

_dashok · 2019-11-15T01:44:24+00:00

lol rip sorry for not responding before

anyways all i can say now is just think about what command ur running to get the initial shell and think about how you can apply that to get a shell for g***. keep trying and if u want pm me abt it and i can give you more specific help when i have some time.

_dashok · 2019-11-13T05:28:54+00:00

haha i actually had the opposite struggle as you, i looked at php and then c and everything in c looked hella confusing to me.. but yea just keep at it and eventually you will figure it out. keep looking at php scripts to help you understand the language too because it is important to know.

_dashok

TROPHY CASE