Official Hunting Discussion

Official discussion thread for Hunting. Please do not post any spoilers or big hints.

Comments

  • I got the flag leaking locally but it just segfaults on the remote side and I have no idea why :(

  • Try to exit properly at the end of your "exploit" I have done the challenge
  • Hey @christrc , thanks for the tip but locally I am exiting properly without causing any fault

  • Can I PM you for help?

  • Type your comment> @travisjayday said:

    Can I PM you for help?

    did you get flag?

  • can anyone help?

  • @MRWhiteCap no I haven't. I've tested my exploit on various machines locally but the remote always just throws SIGSEGV. From my debugging, I figured the remote must do something strange with catching signals, preventing my "exploit" from hooking certain signal handlers properly. But I just don't know how to debug it. Maybe there's a different approach.

  • Type your comment> @travisjayday said:
    > Can I PM you for help?

    Yes if you want
  • I'm almost there. Locally I found the pointer to the flag, but I fail to bring it to stdout. Always I get an exit code 31 when using the available method. Any hints please.

  • Finally. Size matters...

  • I've been stuck on this one for a few days. Is there anyone still checking this I can ask in more detail about where I'm at and maybe be able to push towards my next step?

  • Thanks @clubby789 for a good challenge. I went down wrong signal path but found the bugger!

  • Quite a ride, got it in the end.

    If somebody is asking why it does work locally, try it in 32bit system. In mine (64bit) it was not working and a new vm did the trick for testing

    If you need help reach out to me

  • I've just wonder, if this a bug or a challenge part that it calls non-executable memory on my Kali 2.31 libc? Challenge seems quite easy, but that is a bit weird.

  • Confirmed. This challenge does NOT work on x64 system correctly, because memory regions are not executable. It is completely different for x32. Lost a lot of the time in searching hidden tricks... :-(

Sign In to comment.