Official Attended Discussion

Comments

  • Finally rooted this sucker. What a lot of work that was! Huge respect to @guly and @freshness for such a great box. Taught me a lot. Keep plugging away everyone - that hard work will pay off!

  • Hey guys... a little nudge please on foothold.... Just started this box yesterday and have figured out the RCE path from guly's response. I can successfully get a ping back but not a reverse shell... Anyone available to run a quick sanitization on my code? Thanks

    sicario1337

    Happy to assist and 'Respect' is always appreciated
  • @sicario1337 said:
    > Hey guys... a little nudge please on foothold.... Just started this box yesterday and have figured out the RCE path from guly's response. I can successfully get a ping back but not a reverse shell... Anyone available to run a quick sanitization on my code? Thanks

    Yep PM me
  • Finally User is done... Much thanks @camk

    sicario1337

    Happy to assist and 'Respect' is always appreciated
  • @onetimepad said:

    > Finally rooted this sucker. What a lot of work that was! Huge respect to @guly and @freshness for such a great box. Taught me a lot. Keep plugging away everyone - that hard work will pay off!

    Hey, is there any other way to root this tough one? I've been trying to pwn "the binary" for a while, but considering the fact that this is a stripped one, with NX enabled, and 64-bit compiled on BSD, it seems my ROP skills aren't good enough for such a challenge. I found which parameter is causing the segfault and how, but I've been playing with the exploit and no luck... any nudges anyway? ... PM, thx...

    xtk

  • I can execute commands now with g**y, could somebody pm me where the flag is located? Or should I look for another user to get the user flag?

  • @czuczi said:

    > I can execute commands now with g**y, could somebody pm me where the flag is located? Or should I look for another user to get the user flag?

    you need to privesc to guly's co-worker

    sicario1337

    Happy to assist and 'Respect' is always appreciated
  • Picking this box up again after a long break. I think I have the pieces I need to get to root - BF param, service to target, obscure port. Now trying to generate a file in a format the service will accept, with the content I need, and struggling to get something working well enough to trigger the BF. Can anyone give me a nudge towards the right technique?

  • edited May 5
    One step further - I can generate a file in the right format to trigger the B_F. Now trying to come up with a useful R_P c___n with the very limited number of gadgets available.

    Update: rooted. Man this box was hard, probably the hardest one I've done so far. Thanks @all and @sicario1337 for your help and encouragement along the way.

    Awesome concept, thanks @guly and @freshness!