Dream Diary Chapter 1 Remote Fails

Someone please tell me what I'm missing. I have a local exploit working, same OS and what I believe is the same libc; it works perfectly locally but fails remotely. I won't give any spoilers, but I'm able to achieve a write primitive, and able to leak libc via function overwrite. It always hangs when I call system. Someone smarter than me, please shoot me a message.

Comments

  • I haven't done the challenge yet (so I might be wildly off track), but if the binary is exposed through socat, it might interpret the 0x7f character (so frequent in 64-bit addresses) as a DEL character, messing up the 0x7f... address and probably ruining the exploit.
    I'd suggest running the binary locally with socat to emulate this behavior and react accordingly.
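
The terminal behaviour that comment refers to, as an added example that is not part of the original thread: a pseudo-terminal in canonical mode treats its erase character as an editing key, while a raw one passes every byte through. It assumes Linux and an erase character of 0x7f; `SAMPLE` is a constructed address-shaped value and `through_pty` is a name chosen for this example.

```python
import os
import pty
import termios

# Constructed sample: the 8 little-endian bytes of an address-shaped value
# (0x00007f4a5b6c7d8e) plus a newline. Not taken from the challenge.
SAMPLE = (0x00007F4A5B6C7D8E).to_bytes(8, "little") + b"\n"


def through_pty(data: bytes, canonical: bool) -> bytes:
    """Write data into a pty master and return what the slave side reads."""
    master, slave = pty.openpty()
    try:
        attrs = termios.tcgetattr(slave)
        attrs[0] = 0                       # iflag: no CR/NL mapping, no XON/XOFF
        attrs[1] = 0                       # oflag: no output post-processing
        # lflag: line editing on (canonical) or everything off (raw); echo off
        attrs[3] = termios.ICANON if canonical else 0
        attrs[6][termios.VERASE] = b"\x7f"  # assumed erase character (DEL)
        if not canonical:
            attrs[6][termios.VMIN] = 1     # raw reads return once 1 byte is ready
            attrs[6][termios.VTIME] = 0
        termios.tcsetattr(slave, termios.TCSANOW, attrs)

        os.write(master, data)
        received = b""
        while not received.endswith(b"\n"):  # the line discipline runs asynchronously
            received += os.read(slave, 64)
        return received
    finally:
        os.close(master)
        os.close(slave)


if __name__ == "__main__":
    print("sent     :", SAMPLE.hex(" "))
    print("raw      :", through_pty(SAMPLE, canonical=False).hex(" "))
    # In canonical mode 0x7f is consumed and also erases the byte before it.
    print("canonical:", through_pty(SAMPLE, canonical=True).hex(" "))
```

Comparing the two outputs shows whether a pty sits in the data path: the canonical read is two bytes shorter than what was sent.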