Dream Diary: Chapter 3

Just thought I’d mention a few things to help with the development of the exploit for the challenge.

  1. If it works locally but fails remotely (some of you might face this issue), try to follow the adjustment that I mentioned in the challenge description. I’m not too sure why it happens exactly, but if you debug locally by running the binary through an xinetd service, you should be able to get good offsets. If any of you know why this happens, feel free to inform me as I’m very curious why it happens.

  2. The flag file name isn’t guessable. A shell is very possible here and really consider the challenge description about the shortcomings of blacklisting.

  3. Sometimes it helps to use more than one binexp technique :slight_smile:

Anyways, hope all of you can keep enjoying this challenge and learn something new!

I don’t know what the challenge tester was thinking but this challenge is definitely worth 90-100 points. It’s much tougher than dream diary 1 and 2.

Yes this challenge is really underrated, but fun :slight_smile:

too easy of a challenge, make it harder next time please.

@oep :joy:

@oep said:

too easy of a challenge, make it harder next time please.

Wow so funny

Very fun challenge :slight_smile:
Consider starting with diary1 and diary2 before (more points but less difficult)

I get a shell locally by running the binary through an xinetd service, but am still stuck remotely. :joy:

Edit: Finally got a shell. Very fun challenge~ Learned a lot of new knowledge.

fun and challenging
chapter 1 and 2 were much easier, this one is definitely worth more than 90 points

Hey guys, can anyone DM for help? I’m totally stuck on this one… Thanks in advance

Put this challenge off until it was the very last one on my list… (not intended to offend either, I was actually just scared of it :joy: ) After spending numerous days on it locally and quite a few hours remotely, it has finally been conquered. Thanks @will135 for making such a hard challenge!

Done and Dusted!!! Holy Smokes!! that puppy just like the previous 2 chapters were hard but ■■■■■■ absolutely worth it. I enjoyed how this challenge requires the utilisation of multiple binary exploit techniques. Thanks to @R4J for a great challenge :slight_smile:

@wxadvisor said:

Done and Dusted!!! Holy Smokes!! that puppy just like the previous 2 chapters were hard but ■■■■■■ absolutely worth it. I enjoyed how this challenge requires the utilisation of multiple binary exploit techniques. Thanks to @r4j for a great challenge :slight_smile:

Glad you liked it, but it was @will135 who made the challenge and not me.

@R4J said:

@wxadvisor said:

Done and Dusted!!! Holy Smokes!! that puppy just like the previous 2 chapters were hard but ■■■■■■ absolutely worth it. I enjoyed how this challenge requires the utilisation of multiple binary exploit techniques. Thanks to @R4J for a great challenge :slight_smile:

Glad you liked it, but it was @will135 who made the challenge and not me.

DOH! Dang “First Blood” Tag :slight_smile: lol!

Got it. Pretty awesome this one! If anyone is up for discussing the solution, let me know. afaik, there’s no write up section for challenges, is there?

@rawa said:

Got it. Pretty awesome this one! If anyone is up for discussing the solution, let me know. afaik, there’s no write up section for challenges, is there?

No official one, but xct has a writeup here

Pwned, very nice challenge but why only 80 points??? Less than chapter 1 and chapter 2?

I’ve been working on this one for at least a week and a half now and I’ve had the main vulnerability for a while, but I can’t seem for the life of me to figure out how to leak a segment that I can use to modify control flow. If anyone is willing to chat, I really just need a kick in the right direction, I don’t want spoilers, I just feel like I’m stagnating a bit and I want to learn.

Edit: Actually, I’d like to hold off for just a moment, I might have found something helpful…

Cool challenge : )

This challenge has been a lot of fun and I’ve learned quite a bit, but I’m stuck at actually getting a shell that I can use because of the restrictions imposed by the binary. I have a couple ideas that I’m still looking at, but at this point, I’ve set it up so I can just drop 4K of shellcode to it and it starts executing off. So, execution isn’t the problem…

If anyone is willing to kick me in the right direction to get around those restrictions, I’d be grateful. I’ll edit this response or respond down below if that happens or I find a way around the current problem.

Thank you