New syscall enabled Go to the The BrownOS challenge
Global Rank: 1
Totalscore: 759433
Posts: 437
Thanks: 495
UpVotes: 468
Registered: 15y 57d
The User is Offline
New syscall enabled
Sep 08, 2018 - 17:46:17 (6y 14d)
Sep 08, 2018 - 17:46:17 (6y 14d)
Have you heard? There is a new version of BrownOS out!
It has a whole new syscall, but I haven't been able to figure out its purpose yet. Seems pretty useless so far...
It has a whole new syscall, but I haven't been able to figure out its purpose yet. Seems pretty useless so far...
Global Rank: 247
Totalscore: 87961
Posts: 1661
Thanks: 1349
UpVotes: 906
Registered: 16y 219d
Last Seen: 1d 15h
The User is Offline
RE: New syscall enabled
Sep 10, 2018 - 18:09:02 (6y 12d)
Sep 10, 2018 - 18:09:02 (6y 12d)
I still cant figure out that something might be the cmd to interrupt and transfer my parameters to the kernel
maybe someone can code something up?.
maybe someone can code something up?.
The geeks shall inherit the properties and methods of object earth.
Global Rank: 5
Totalscore: 548779
Posts: 208
Thanks: 216
UpVotes: 218
Registered: 14y 338d
Last Seen: 11h 49m
The User is Offline
RE: New syscall enabled
Sep 10, 2018 - 18:27:59 (6y 12d)
Sep 10, 2018 - 18:27:59 (6y 12d)
Wait... there is a kernel!? 
Global Rank: 544
Totalscore: 46001
Posts: 220
Thanks: 206
UpVotes: 216
Registered: 13y 280d
The User is Offline
RE: New syscall enabled
Sep 10, 2018 - 19:06:11 (6y 12d)
Sep 10, 2018 - 19:06:11 (6y 12d)
Quote from GizmoreSep 10, 2018 - 18:09:02
I still cant figure out that something might be the cmd to interrupt and transfer my parameters to the kernel
maybe someone can code something up?.
You wanted come CLI script which easily sends data to the service?!
Here is one:
GeSHi`ed Python code for brownos.py
1 2 3 4 56 7 8 9 1011 12 13 14 1516 17 | import re import time import socket sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)sock.connect(('wc3.wechall.net', 61221)) while True: data = raw_input('Cmd?:') data = re.sub('[^A-Za-z0-9]', '', data) data = re.findall('..', data) data = ''.join([chr(int(x, 16)) for x in data]) print('Sending: %r' % (data,)) now = time.time() sock.send(data) print('Received: %r' % (sock.recv(10000), )) print('Execution took: %.2f seconds' % (time.time() - now)) |
GeSHi`ed Plaintext code
1
2
3
4
5 | Cmd?:05 00 FD 00 05 00 FD 03 FD FE FD 02 FD FE FD FE
Sending: '\x05\x00\xfd\x00\x05\x00\xfd\x03\xfd\xfe\xfd\x02\xfd\xfe\xfd\xfe'
Received: ''
Execution took: 18.26 seconds
Cmd?: |
Contact only via c3BhY2VAd2VjaGFsbC5uZXQ= or PM...
Windows can be secure... but only if you don't use it
Windows can be secure... but only if you don't use it
Global Rank: 1
Totalscore: 759433
Posts: 437
Thanks: 495
UpVotes: 468
Registered: 15y 57d
The User is Offline
RE: New syscall enabled
Sep 10, 2018 - 19:12:14 (6y 12d)
Sep 10, 2018 - 19:12:14 (6y 12d)
SPOILER ALERT
Global Rank: 782
Totalscore: 32727
Posts: 74
Thanks: 38
UpVotes: 48
Registered: 6y 230d
Last Seen: 3y 94d
The User is Offline
RE: New syscall enabled
Sep 10, 2018 - 21:26:52 (6y 12d)
Sep 10, 2018 - 21:26:52 (6y 12d)
Quote from GizmoreSep 10, 2018 - 18:09:02
I still cant figure out that something might be the cmd to interrupt and transfer my parameters to the kernel
maybe someone can code something up?.
In Bash:
echo 00 01 02 03 ... | xxd -r -p | nc wc3.wechall.net 61221 | xxd
The spoiler being that the service takes binary input. But that has been devulged elsewhere, so not much of a spoiler.
Hint: If you give it good input, you get good stuff back... Now, what is good input? ;)
UnQuaiz, dloser, Redknee, ckclark, tunelko, silenttrack, n0tHappy, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri, kalungmas have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 3947 times.
1 people are watching the thread at the moment.
This thread has been viewed 3947 times.