Redcross

@evandrix said:
golang is my go-to for statically compiled cross-platform binaries

+1 <3 golang…

If any of you folks who have found multiple privesc paths would mind passing along some general directional guidance to finding the non-bof methods, I’d be very grateful… thanks!

Edit: root, no bof needed. In retrospect that wasn’t so bad … once again be thorough and systematic with your recon (and don’t get hung up on early entries in the forum…).

@LegendarySpork said:
If any of you folks who have found multiple privesc paths would mind passing along some general directional guidance to finding the non-bof methods, I’d be very grateful… thanks!

Just rooted without touching the bof. It’s all in how the site works normally and if you can poke around you can see how to use certain functionality to your advantage.

Could anyone give some pointers on performing the bof? I followed some guides for this architecture but couldn’t figure out how to get it to work…

@redout said:

Just rooted without touching the bof. It’s all in how the site works normally and if you can poke around you can see how to use certain functionality to your advantage.

Could anyone give some pointers on performing the bof? I followed some guides for this architecture but couldn’t figure out how to get it to work…

I second this. I started in on the BOF and then quickly got mired in the nuances of the architecture and ASLR. I would love a link or links to reading material. (Not even looking for nudges, just background.)

@LegendarySpork said:

@redout said:

Just rooted without touching the bof. It’s all in how the site works normally and if you can poke around you can see how to use certain functionality to your advantage.

Could anyone give some pointers on performing the bof? I followed some guides for this architecture but couldn’t figure out how to get it to work…

I second this. I started in on the BOF and then quickly got mired in the nuances of the architecture and ASLR. I would love a link or links to reading material. (Not even looking for nudges, just background.)

+1

@LegendarySpork said:

I second this. I started in on the BOF and then quickly got mired in the nuances of the architecture and ASLR. I would love a link or links to reading material. (Not even looking for nudges, just background.)

Also could use help with this. I’m seeing multiple overflows, with different techniques and limitations for each. The few guides I’ve found don’t seem to match up with what I’m seeing, or are specific to their own binary, which they’ve rigged to be easy to follow, so they’re not explaining all the steps.

@cdf123 said:

@LegendarySpork said:

I second this. I started in on the BOF and then quickly got mired in the nuances of the architecture and ASLR. I would love a link or links to reading material. (Not even looking for nudges, just background.)

The few guides I’ve found don’t seem to match up with what I’m seeing, or are specific to their own binary, which they’ve rigged to be easy to follow, so they’re not explaining all the steps.

I run into this a lot when trying to learn stuff, especially with regards to any sort of Pwn or Reversing type challenge.

I’ve been stuck on getting root.txt for days now. I’ve been busy too long with i****tl, I think.

Spoiler Removed - egre55

Spoiler Removed - egre55

Interesting machine, first stage is about “Guest-IT” and other stages are about jumping back and forth.

Can be rooted pretty easily without going for user.

Hi All, could really use some help on this one. I have managed to get the jail environment and access to the ic**. file. I have compiled this locally, but I am struggling to get the ret2libc working. I seem to struggle with BOF, and I have heard about other ways to root, so I’m really just looking for a few pointers. A PM would really be appreciated. Thanks in advance.

@Tellson said:
Hi All, could really use some help on this one. I have managed to get the jail environment and access to the ic**. file. I have compiled this locally, but I am struggling to get the ret2libc working. I seem to struggle with BOF, and I have heard about other ways to root, so I’m really just looking for a few pointers. A PM would really be appreciated. Thanks in advance.

I’m more or less at the same spot, but I hadn’t even had the idea of compiling and trying the BOF locally. My question is about the access over the panel. The file states it is accessible, but the pages I have access to do not offer the same options. Do I have to find another page?

@tellson and @0x23B, PM me … I’m n3v1l, to discuss it.

Cool box. I like that there are multiple options. The “easy” way still wasn’t easy for me; it was definitely the first time I did anything like that, but it was relatively realistic and had good, logical progression between steps, so it was fun (although frustrating at times).

If anyone escaped the jail, could you PM me? I’m still looking for a way to do that but I haven’t found one yet. Thanks to @ompamo for the box, and @opt1kz, @LegendarySpork, and anyone else who helped me, I couldn’t have done it without your guidance and sanity checks.

Holy smokes. That…was…NICE! Felt like a realistic CTF. Perfect blend!

Note: Box is a little wonky sometimes though. Don’t hesitate to retry your exploits before moving on to something else.

When binary exploitation is too hard, just give yourself root.

Did the binary exploit; it was super fun and good practice. Great box.

I’m very stuck for days in the ad**n panel (I already got the way to “log as” that user). I’ve tried a lot of things, each of them more esoteric than the others… But I don’t know how to advance to the next step…

Is someone able to give me a nudge? Thanks in advance!

Done. Rooted first. Lots of hopping around and some goofy ■■■ ■■■■. Special thanks to @rotarydrone. My advice would be the same as I have seen prior: figure out how this thing works.