Little Tommy

Working on this challenge for a while. I think I am missing a very small crucial piece of information. Anyone care for a nudge? Thanks guys.

finished it just now… very interesting one… good knowledge for actual forensics.

@briyani said:
finished it just now… very interesting one… good knowledge for actual forensics.

This is not a Forensics Challenge …

@Agent22 said:

@briyani said:
finished it just now… very interesting one… good knowledge for actual forensics.

This is not a Forensics Challenge …

My bad. I just finished this Reminiscent and posted here. My bad. :anguished:

Hello there, I need a little push.
*** spoiler ***

I’ve got it to execute the system syscall and I thought that the condition to execute it was the flag, but no. And since there would be no point in getting a shell here, I can’t think of any other possibility. Any tips would be welcome, thanks.

Hello, I could use some help with this one too. Hopefully without giving too much away, I see that account deletion may have an issue but I’m not having much luck doing anything with it. Am I on the right track and if so can someone give me a nudge forward? Cheers.

I’m new to that kind of challenge, any nudge on where to start? How to read the ELF files…

Can anyone help me do this?

I usually hate challenges but decided to do this one since I’m done with all the boxes. It was a funny one, especially when I saw one of the words :smiley:

I’m also stuck on this challenge. Have been trying for a couple days to get the flag but no luck. Can anyone PM me about this for any hints?

Very intrigued by this challenge; without much of a clue as to where to go. I am aware of the protostar VM series to help practice this method. Does anyone know of any other courses/machines available to help provide the skills necessary to tackle these pwn challenges?

I’m nearly there, but I cannot do the last step. Someone please PM me to give me a little hint?

Finally figured out how to exploit it locally. But, how the ■■■■ do you connect to the instance? I tried netcat, but I get “Can’t parse http://docker.hackthebox.eu:59218/ as an IP address”

EDIT: Moments after this post, I figured it out. Not with netcat, but with socat, “socat - TCP:docker.hackthebox.eu:59218”

I would like to know the proper command syntax for netcat though.

@master41 said:
Finally figured out how to exploit it locally. But, how the ■■■■ do you connect to the instance? I tried netcat, but I get “Can’t parse http://docker.hackthebox.eu:59218/ as an IP address”

EDIT: Moments after this post, I figured it out. Not with netcat, but with socat, “socat - TCP:docker.hackthebox.eu:59218”

I would like to know the proper command syntax for netcat though.

The syntax with netcat is:

nc docker.hackthebox.eu 59218

Using the port that you provided and my netcat is named nc, but yours may be named ncat or netcat.

I’m very new to this challenge, but I know what a buffer/stack overflow is. What I have not understood: 1) How do I detect the overflow? I see that if I paste A*1000+ it overwrites the lastname. 2) How was I to understand that I have to use the netcat command? (I know only because I saw a video in the past!)

I don’t know if anyone has figured it out and wants to give a nudge, but I am stuck on this challenge because I cannot get the program to segfault. It does not seem to care how large a pattern I use. Strange…

It was easy, I did it. I ran it on the server and it worked. But it doesn’t work on local Kali. What is the problem with the address space locally? Is there any setting for the OS kernel?

@caglar said:

It was easy, I did it. I ran it on the server and it worked. But it doesn’t work on local Kali. What is the problem with the address space locally? Is there any setting for the OS kernel?

It does work locally, except that the actual flag will not be printed by menu item 5. Since the flag cannot be found on your Kali or attacking VM, but only on the remote container instance, it will not print anything locally. The work required to print the flag inside the programme can be triggered by choosing menu item 5.

If you don’t understand what you did remotely, you must have got a spoiler from someone.

@LVx0 said:
I don’t know if anyone has figured it out and wants to give a nudge, but I am stuck on this challenge because I cannot get the program to segfault. It does not seem to care how large a pattern I use. Strange…

First try to trigger a use-after-free() vulnerability in the programme. It’s quite obvious which menu item you can do it with. Only after that should you try to overflow the heap with an input of a large enough string. After you have successfully exploited it, the EAX register should contain the value of ‘■■■■’, which is exactly 0x6b637566 (in little-endian order). You can find the minimum size of the exploit string needed with radare or any debugger, then add 4 bytes to the end with the string above.
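
The use-after-free mentioned in the reply above arises when a delete path frees a record while the program keeps using the pointer to it. As an added example (not from the original post or the challenge binary; the struct layout and all function names are assumptions), here is that defect pattern next to a corrected delete:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical account record; the layout is an assumption for this example. */
struct account {
    char first[32];
    char last[32];
    unsigned int role;          /* 0 = ordinary user */
};

static struct account *current; /* the one active account slot */

/* Create the active account; returns 0 on success, -1 on failure. */
int account_create(const char *first, const char *last)
{
    if (current != NULL)
        return -1;              /* refuse to leak or overwrite a live record */
    struct account *a = calloc(1, sizeof *a);
    if (a == NULL)
        return -1;
    snprintf(a->first, sizeof a->first, "%s", first);   /* bounded copies */
    snprintf(a->last, sizeof a->last, "%s", last);
    current = a;
    return 0;
}

/* Defect pattern: the chunk goes back to the allocator but `current` still
 * points at it, so any later read through `current` sees whatever the next
 * same-sized allocation wrote there. Shown for comparison; never called. */
void account_delete_dangling(void)
{
    free(current);
}

/* Corrected delete: release the chunk and drop the reference together. */
void account_delete(void)
{
    free(current);              /* free(NULL) is a no-op, so double delete is safe */
    current = NULL;
}

/* Every reader checks the slot first; returns -1 when no account exists. */
int account_role(void)
{
    return current ? (int)current->role : -1;
}
```

Building with `-fsanitize=address` makes any remaining read through a freed record abort with a heap-use-after-free report instead of silently returning reused heap data.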

I wasted 3 days trying to reproduce locally in Kali. Don’t waste your time in Kali; when you know what you have to do, try remotely. The behavior from local to remote is different!