Username: 
Password: 
Restrict session to IP 

New syscall enabled  Go to the The BrownOS challenge

Global Rank: 1
Totalscore: 758910
Posts: 437
Thanks: 497
UpVotes: 470
Registered: 15y 152d












The User is Offline
New syscall enabled
Google/translate1Thank You!2Good Post!1Bad Post! link
Have you heard? There is a new version of BrownOS out!

It has a whole new syscall, but I haven't been able to figure out its purpose yet. Seems pretty useless so far...
Global Rank: 227
Totalscore: 94360
Posts: 1684
Thanks: 1360
UpVotes: 920
Registered: 16y 314d




Last Seen: 1d 12h
The User is Offline
RE: New syscall enabled
Google/translate0Thank You!0Good Post!0Bad Post! link
I still cant figure out that something might be the cmd to interrupt and transfer my parameters to the kernel
maybe someone can code something up?.
The geeks shall inherit the properties and methods of object earth.
Global Rank: 5
Totalscore: 550226
Posts: 225
Thanks: 232
UpVotes: 233
Registered: 15y 68d






Last Seen: 14h 58m
The User is Offline
RE: New syscall enabled
Google/translate0Thank You!0Good Post!0Bad Post! link
Wait... there is a kernel!? Happy
Global Rank: 551
Totalscore: 45801
Posts: 220
Thanks: 208
UpVotes: 218
Registered: 14y 10d
space`s Avatar
The User is Offline
RE: New syscall enabled
Google/translate0Thank You!0Good Post!1Bad Post! link
Quote from Gizmore
Sep 10, 2018 - 18:09:02

I still cant figure out that something might be the cmd to interrupt and transfer my parameters to the kernel
maybe someone can code something up?.

You wanted come CLI script which easily sends data to the service?!
Here is one:
GeSHi`ed Python code for brownos.py
1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
import re
import time
import socket
 
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)sock.connect(('wc3.wechall.net', 61221))
while True:
        data = raw_input('Cmd?:')
        data = re.sub('[^A-Za-z0-9]', '', data)
        data = re.findall('..', data)        data = ''.join([chr(int(x, 16)) for x in data])
        print('Sending: %r' % (data,))
        now = time.time()
        sock.send(data)
        print('Received: %r' % (sock.recv(10000), ))        print('Execution took: %.2f seconds' % (time.time() - now))
 


GeSHi`ed Plaintext code
1
2
3
4
5
Cmd?:05 00 FD 00 05 00 FD 03 FD FE FD 02 FD FE FD FE
Sending: '\x05\x00\xfd\x00\x05\x00\xfd\x03\xfd\xfe\xfd\x02\xfd\xfe\xfd\xfe'
Received: ''
Execution took: 18.26 seconds
Cmd?:
Contact only via c3BhY2VAd2VjaGFsbC5uZXQ= or PM...
Windows can be secure... but only if you don't use it Happy
Global Rank: 1
Totalscore: 758910
Posts: 437
Thanks: 497
UpVotes: 470
Registered: 15y 152d












The User is Offline
RE: New syscall enabled
Google/translate0Thank You!0Good Post!0Bad Post! link
SPOILER ALERT
Global Rank: 795
Totalscore: 32552
Posts: 74
Thanks: 38
UpVotes: 48
Registered: 6y 325d
Last Seen: 3y 189d
The User is Offline
RE: New syscall enabled
Google/translate0Thank You!0Good Post!0Bad Post! link
Quote from Gizmore
Sep 10, 2018 - 18:09:02

I still cant figure out that something might be the cmd to interrupt and transfer my parameters to the kernel
maybe someone can code something up?.



In Bash:
echo 00 01 02 03 ... | xxd -r -p | nc wc3.wechall.net 61221 | xxd
The spoiler being that the service takes binary input. But that has been devulged elsewhere, so not much of a spoiler.
Hint: If you give it good input, you get good stuff back... Now, what is good input? ;)
UnQuaiz, dloser, Redknee, ckclark, tunelko, silenttrack, n0tHappy, nonfungiblesecurity, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri, csuquvq have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 4194 times.