Ellingson

@mogyub said:

I’m creating a custom wordlist to crack some hashes, anyone know a good mutator? I’ve tried rsmangler but it always crashes when I try the --full-leet option.

It’s not necessary. Try one of the ones that come with Kali.

Working on root. Trying to follow the CampCTF video recommended, however, I have no previous experience in this general area, not even the easier types. When it gets to the R2 part, (around 9:09), it returns nothing for rdi. I suppose I could use rbp instead? What other changes would I need to make with this substitution? Should I instead first learn some of the challenges to build up knowledge in this area? Thanks guys, I love the HTB community!

@neversploit said:

Working on root. Trying to follow the CampCTF video recommended, however, I have no previous experience in this general area, not even the easier types. When it gets to the R2 part, (around 9:09), it returns nothing for rdi. I suppose I could use rbp instead? What other changes would I need to make with this substitution? Should I instead first learn some of the challenges to build up knowledge in this area? Thanks guys, I love the HTB community!

I found myself stuck here too. Talking with other members, I was made aware of other tools other than radare that can achieve this. One is called ropper. I suggest watching the video a few times first to see what’s going on. At the end he shows you how to use pwntools to automate this. What I did was the automatic way and once it’s run it should show you the values you’re looking for. I couldn’t get the automatic way to work so I just got the values from it and did it the manual way.

Still having EOF errors but I’m almost there.

@Phase said:

I found myself stuck here too. Talking with other members, I was made aware of other tools other than radare that can achieve this. One is called ropper. I suggest watching the video a few times first to see what’s going on. At the end he shows you how to use pwntools to automate this. What I did was the automatic way and once it’s run it should show you the values you’re looking for. I couldn’t get the automatic way to work so I just got the values from it and did it the manual way.

Still having EOF errors but I’m almost there.

Thanks, I’ll check it out!

Have an exploit for g******, just need to figure out how to execute it on remote machine :confused:

Got EOF while sending/reading in interactive on the second stage. Could anyone help?

Finally got root!
It took me a long time to solve the EOF problem, at least I understood now what the problem was.
:+1:

Can’t seem to reverse shell, ssh, crack hashes. I feel like I’m lost here. Can anyone shoot me a PM please with some direction?
Edit: got user.txt, I was impatient.

@CarterJ said:

Can’t seem to reverse shell, ssh, crack hashes. I feel like I’m lost here. Can anyone shoot me a PM please with some direction?
Edit: got user.txt, I was impatient.

Can I shoot you a PM… I need help…

@ghost0437 said:

@CarterJ said:

Can’t seem to reverse shell, ssh, crack hashes. I feel like I’m lost here. Can anyone shoot me a PM please with some direction?
Edit: got user.txt, I was impatient.

Can I shoot you a PM… I need help…

sure

For root I’m having a hard time with leaking an address in stage 1. When printing it out I sometimes get a mangled address. Has anyone else seen this? Is this normal?

@zweeden said:

For root I’m having a hard time with leaking an address in stage 1. When printing it out I sometimes get a mangled address. Has anyone else seen this? Is this normal?

The address changes each time so it’s normal. Just work on converting it and then using it to calculate the addresses of the other gadgets you need :slight_smile:
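The conversion step described in the reply above, as an added example that is not part of the original thread: it turns leaked little-endian pointer bytes into an integer, rejects a truncated ("mangled") leak, and checks that the derived base is page-aligned. It assumes the leak arrives as raw bytes ending in a newline; the offsets, symbol names and addresses are constructed placeholders, not values from the box.

```python
import struct

PAGE_SIZE = 0x1000  # x86-64 Linux: mapped libraries start on a page boundary


class LeakError(ValueError):
    """The leaked bytes cannot be a valid user-space pointer."""


def decode_leak(raw: bytes) -> int:
    """Convert raw pointer bytes read from the target's output to an int."""
    line = raw.split(b"\n", 1)[0]  # assumption: the leak is followed by a newline
    if len(line) != 6:
        # User-space pointers on x86-64 have 6 significant bytes. A shorter
        # read means the output stopped early, e.g. at a 0x00 or 0x0a byte
        # inside that run's randomized address, so the value is unusable.
        raise LeakError(f"expected 6 pointer bytes, got {len(line)}: {line.hex()}")
    return struct.unpack("<Q", line.ljust(8, b"\x00"))[0]  # little-endian, zero-padded


def rebase(leak: int, leaked_offset: int, wanted: dict) -> dict:
    """Derive the load base from one leaked symbol, then the other addresses."""
    base = leak - leaked_offset
    if base <= 0 or base % PAGE_SIZE:
        # ASLR moves the base every run, but it is always page-aligned.
        # A misaligned base means a wrong offset or a wrong library version.
        raise LeakError(f"base {base:#x} is not page-aligned")
    return {"base": base, **{name: base + off for name, off in wanted.items()}}


# Constructed sample data (hypothetical offsets, not taken from any real library).
LEAKED_OFFSET = 0x12340
WANTED = {"symbol_a": 0x45670, "symbol_b": 0x89AB0}
RUN_1 = b"\x40\x23\x21\x5c\x3a\x7f\n"   # leak from one run
RUN_2 = b"\x40\x23\xa1\xe0\x91\x7f\n"   # different run, different base
TRUNCATED = b"\x40\x23\x21\n"           # address contained 0x00, output cut short

if __name__ == "__main__":
    for raw in (RUN_1, RUN_2, TRUNCATED):
        try:
            addrs = rebase(decode_leak(raw), LEAKED_OFFSET, WANTED)
            print({k: hex(v) for k, v in addrs.items()})
        except LeakError as err:
            print("rejected leak:", err)
```
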

Anyone having troubles with scp? I can’t seem to transfer the g***** file.

Anyone who has got root mind looking over my code? Not sure why it’s not working when all the addresses and permissions look right…

Finally root. That goddamned ROP was raping me.

Did anyone else have an issue using radare2 to get rdi? Didn’t have an issue when I used ropper though.

I’ve rooted so feel free to dm if you need a nudge.

Ahh nvm, I should have read the comments here. Seems like I wasn’t the only one to have that issue.

@Derezzed said:

Did anyone else have an issue using radare2 to get rdi? Didn’t have an issue when I used ropper though.

I’ve rooted so feel free to dm if you need a nudge.

Ahh nvm, I should have read the comments here. Seems like I wasn’t the only one to have that issue.

Yeah, I think everyone had the same issue. I don’t have any idea why that is not working. ropper works fine.

Rooted.
This is a nice machine.

I’m getting an error while doing the initial ssh.

Please help.

Need some help with the root part. Currently, I’m fighting with “EOF Error”. Can anyone help me?

Got root! Thanks to @Moshker!