Ellingson

Anyone having trouble with scp? I can’t seem to transfer the g***** file.

Anyone who has got root mind looking over my code? Not sure why it’s not working when all the addresses and permissions look right…

Finally root. That goddamned ROP was raping me.

Did anyone else have an issue using radare2 to get rdi? Didn’t have an issue when I used ropper though.

I’ve rooted so feel free to dm if you need a nudge.

Ahh nvm, I should have read the comments here. Seems like I wasn’t the only one to have that issue.

@Derezzed said:
Did anyone else have an issue using radare2 to get rdi? Didn’t have an issue when I used ropper though.

I’ve rooted so feel free to dm if you need a nudge.

Ahh nvm, I should have read the comments here. Seems like I wasn’t the only one to have that issue.

Yeah, I think everyone had the same issue. I don’t have any idea why that is not working. ropper works fine.

rooted
This is a nice machine.

I’m getting an error while doing the initial ssh

please help

Need some help with root part. Currently, I’m fighting with “EOF Error”. Can anyone help me?

Got root! Thanks to @Moshker!

Finally rooted.
Kudos to the maker of this box that made me think hard and learn a ton. That was my first experience with ROP and it was A LOT of fun despite the headaches trying to make it work properly.
I’ll happily help if anyone needs it. Just bear in mind I’m not an expert!

@Saiyajin said:

Need some help with root part. Currently, I’m fighting with “EOF Error”. Can anyone help me?

Same problem here. The exploit works on my local machine. But when I used it on the target machine, it ended with “Got EOF while reading interactive”. Can anyone help? Thanks a lot.

rooted. thanks to @Phase

@meowzilla said:

@Saiyajin said:

Need some help with root part. Currently, I’m fighting with “EOF Error”. Can anyone help me?

Same problem here. The exploit works on my local machine. But when I used it on the target machine, it ended with “Got EOF while reading interactive”. Can anyone help? Thanks a lot.

Since this seems to be the part everyone gets stuck at I’ll chime in. I had this same problem. Worked on it for 4 days without making progress but I finally got it.

If you’re popping a shell locally it is because you’re a root user. Now the file has the ABILITY to be run as a root user but you need to somehow call that function to invoke it in your exploit. If you follow the ippsec video you should be good with a minor change in stage two. I would recommend even to spin up an Ubuntu machine with the same privileges as the box. If you can get it to work there you can get it to work on the machine.

I hope I haven’t spoiled too much. What I would really urge you to do is watch the ippsec video a few times before actually attempting it, then go learn about BOFs and how they actually work.

Once you know that you can actually use gdb to debug the program and what’s actually getting pushed into rdi, etc.

Good luck!

@Phase said:

@meowzilla said:

@Saiyajin said:

Need some help with root part. Currently, I’m fighting with “EOF Error”. Can anyone help me?

Same problem here. The exploit works on my local machine. But when I used it on the target machine, it ended with “Got EOF while reading interactive”. Can anyone help? Thanks a lot.

Since this seems to be the part everyone gets stuck at I’ll chime in. I had this same problem. Worked on it for 4 days without making progress but I finally got it.

If you’re popping a shell locally it is because you’re a root user. Now the file has the ABILITY to be run as a root user but you need to somehow call that function to invoke it in your exploit. If you follow the ippsec video you should be good with a minor change in stage two. I would recommend even to spin up an Ubuntu machine with the same privileges as the box. If you can get it to work there you can get it to work on the machine.

I hope I haven’t spoiled too much. What I would really urge you to do is watch the ippsec video a few times before actually attempting it, then go learn about BOFs and how they actually work.

Once you know that you can actually use gdb to debug the program and what’s actually getting pushed into rdi, etc.

Good luck!

Thanks a lot. This hint helped!

Can anyone help with writing the exploit?
I wrote an exploit but my stage2 doesn’t trigger. I tried everything I could think of. Any help would be appreciated.

Hey, can anyone give me some pointers on the binary exploit? I managed to get it working locally, but realized that the target machine doesn’t have the library I used to create the exploit and I’m kind of at a loss at how to translate the exploit over to generic python. I tried copying over a copy of the library and installing it, but that failed.

@Kwicster said:

Hey, can anyone give me some pointers on the binary exploit? I managed to get it working locally, but realized that the target machine doesn’t have the library I used to create the exploit and I’m kind of at a loss at how to translate the exploit over to generic python. I tried copying over a copy of the library and installing it, but that failed.

Maybe that specific library has an ssh function? :)

Quick question, I added myself to something so I could SSH in yesterday. Today I could not get in. So I reset the box and added myself again. Still asking for password. Any ideas?

EDIT
UGH… Typing is hard… back in

I’ve been working for a few days on the exploit, but I think I’ve lost sometime. I think I got the points I need to get root. It’s the first time I write an exploit using ROP, but I could not find the right function on stage 2. If anyone can help me, I’m grateful.

@skate4ever said:

I’ve been working for a few days on the exploit, but I think I’ve lost sometime. I think I got the points I need to get root. It’s the first time I write an exploit using ROP, but I could not find the right function on stage 2. If anyone can help me, I’m grateful.

PM me. I’ll help you out.

What an amazing box! This is my first box by e***on, and it is awesome that it works!
For those who are struggling with the “EOF interactive” issue: the ippsec redcross box walkthrough shows you the missing “link of the chain”.

Feel free to PM if you need help :)

If anyone is asking, hashes can be cracked.