Username: 
Password: 
Restrict session to IP 

New syscall enabled  Go to the The BrownOS challenge

Global Rank: 1
Totalscore: 759063
Posts: 437
Thanks: 496
UpVotes: 469
Registered: 15y 128d












The User is Offline
New syscall enabled
Google/translate1Thank You!2Good Post!1Bad Post! link
Have you heard? There is a new version of BrownOS out!

It has a whole new syscall, but I haven't been able to figure out its purpose yet. Seems pretty useless so far...
Global Rank: 227
Totalscore: 94363
Posts: 1680
Thanks: 1358
UpVotes: 920
Registered: 16y 290d




Last Seen: 5d 16h
The User is Offline
RE: New syscall enabled
Google/translate0Thank You!0Good Post!0Bad Post! link
I still cant figure out that something might be the cmd to interrupt and transfer my parameters to the kernel
maybe someone can code something up?.
The geeks shall inherit the properties and methods of object earth.
Global Rank: 5
Totalscore: 549488
Posts: 220
Thanks: 227
UpVotes: 231
Registered: 15y 44d






Last Seen: 19s
The User is Online
RE: New syscall enabled
Google/translate0Thank You!0Good Post!0Bad Post! link
Wait... there is a kernel!? Happy
Global Rank: 551
Totalscore: 45801
Posts: 220
Thanks: 208
UpVotes: 218
Registered: 13y 351d
space`s Avatar
The User is Offline
RE: New syscall enabled
Google/translate0Thank You!0Good Post!1Bad Post! link
Quote from Gizmore
Sep 10, 2018 - 18:09:02

I still cant figure out that something might be the cmd to interrupt and transfer my parameters to the kernel
maybe someone can code something up?.

You wanted come CLI script which easily sends data to the service?!
Here is one:
GeSHi`ed Python code for brownos.py
1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
import re
import time
import socket
 
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)sock.connect(('wc3.wechall.net', 61221))
while True:
        data = raw_input('Cmd?:')
        data = re.sub('[^A-Za-z0-9]', '', data)
        data = re.findall('..', data)        data = ''.join([chr(int(x, 16)) for x in data])
        print('Sending: %r' % (data,))
        now = time.time()
        sock.send(data)
        print('Received: %r' % (sock.recv(10000), ))        print('Execution took: %.2f seconds' % (time.time() - now))
 


GeSHi`ed Plaintext code
1
2
3
4
5
Cmd?:05 00 FD 00 05 00 FD 03 FD FE FD 02 FD FE FD FE
Sending: '\x05\x00\xfd\x00\x05\x00\xfd\x03\xfd\xfe\xfd\x02\xfd\xfe\xfd\xfe'
Received: ''
Execution took: 18.26 seconds
Cmd?:
Contact only via c3BhY2VAd2VjaGFsbC5uZXQ= or PM...
Windows can be secure... but only if you don't use it Happy
Global Rank: 1
Totalscore: 759063
Posts: 437
Thanks: 496
UpVotes: 469
Registered: 15y 128d












The User is Offline
RE: New syscall enabled
Google/translate0Thank You!0Good Post!0Bad Post! link
SPOILER ALERT
Global Rank: 794
Totalscore: 32552
Posts: 74
Thanks: 38
UpVotes: 48
Registered: 6y 301d
Last Seen: 3y 165d
The User is Offline
RE: New syscall enabled
Google/translate0Thank You!0Good Post!0Bad Post! link
Quote from Gizmore
Sep 10, 2018 - 18:09:02

I still cant figure out that something might be the cmd to interrupt and transfer my parameters to the kernel
maybe someone can code something up?.



In Bash:
echo 00 01 02 03 ... | xxd -r -p | nc wc3.wechall.net 61221 | xxd
The spoiler being that the service takes binary input. But that has been devulged elsewhere, so not much of a spoiler.
Hint: If you give it good input, you get good stuff back... Now, what is good input? ;)
UnQuaiz, dloser, Redknee, ckclark, tunelko, silenttrack, n0tHappy, nonfungiblesecurity, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri, csuquvq have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 4135 times.