[Pwn] No Return

Didn't see a discussion so I thought I'd start one. I've got something basic working, but I'm struggling to develop it into something useful.

clubby789

  • GCIH
    If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
Comments

  • Definitely not ret2libc. Return to something else maybe?

    limbernie
    Write-ups of retired machines

  • Fun challenge :)

  • edited March 30

    I have a suspicion, but gadgets are sparse :/

  • @limbernie said:

    Definitely not ret2libc. Return to something else maybe?

    It would be hard to without ret or libc! I'm looking into seeing if I can find any treasure in the junk.

    clubby789

  • There is a good paper from 2010 about JOP.

    Hack The Box

  • After 6 hours solid work, I finally owned this. Great brainfuck challenge!

    clubby789

  • There's no need to read any paper.

    R4J

  • It actually helps; it gives me a hint on what to do. Of course it can be solved without reading anything.

    Hack The Box

  • Good challenge. Waiting for the last of three.

  • Ughhh, I thought this was gonna be easy as pie until I saw no pages were mapped rwx :T

    0x41

  • edited April 16

    Pretty nice challenge.

  • @ano12 said:
    Pretty nice challenge.

    If you need help, PM me.

  • I need help with the first step to expand the stack.

  • Hey, people...
    I need a hint, please.

    Do we need to use system (kernel) functions from the vDSO?
    Or do we only need to use JOPs from the ELF?

    Can you share some material for this exploit technique?

    Thank you.

  • Ah, yes, I am able to do an infinite loop at the end of the ELF, but it is waiting for "tty input".
    Is this the right way?

  • Done it!
    There are two solutions:
    front ret, or middle anti-loop-ret :)

  • edited April 27

    Could use a hint :) Trying to get s**p to work; I'm able to call r*_s*******n, but it segfaults right after. Am I heading the right way?

  • edited April 28
    I am totally lost. The gadget was working, but arranging the stack is painful. Always got a segfault.

    EDIT: finally got it.
    Learning some new techniques.

  • Great challenge.

    Hard to get the right JMP, but when you find it, it's straightforward.

  • What an interesting challenge.
    Learned that a certain instruction behaves differently in an error case when inside a virtual machine. Managed to avoid the error and got it to work in the end.

  • edited May 16

    Done & Dusted! A nice and easy challenge coming after doing those Dream Diary Challenges. Thanks to @chirality for a good challenge.

    Wx

  • Any hint on this? Found the jump but nothing. I would like to discuss my idea with anyone, if I'm on the right path. PM is fine with me.

  • Complete!
    Learned a lot. Thanks to the creator of this, @chirality
  • edited May 22

    I solved it in a very roundabout way and feel like I'm missing something that would make this easier. If someone would like to share their solutions with me, I'd love to see them.

    EDIT: Seen a writeup now; it could've been solved much more briefly, but I like my way better :P

    0x41
