Safe

Would love to chat with someone who as completed the bin ex. I have it working but i am struggling to understand why its working. If you have a good understanding of it and can spare a few minutes please let me know.

Hello ,
It is my first time I am attending any active machine . I couldn’t able to figure out what to do after n map . I tried login in to SSH using user & root but it is all password protected . Can anyone PM me the right direction how to proceed further .

I’m happy to help anyone if you have specific questions about the binex feel free to message me. In the interest of efficiency, though, it will probably be pretty beneficial for both of us if you’ve watched some of the videos or read some of the webpages linked in this post. If you message me saying “any hints for binex” or similar, that’s what I’m going to tell you.

When a machine is labelled as “easy” and you have to do reverse engineering just to get user…

Type your comment> @BazSecOps said:

Type your comment> @Kiwi1281 said:

So I feel like a complete idiot for asking this but how can I download the m**** file as all the ways I have tried haven’t given me the file.

Try another port

Thanks you!

Type your comment> @XMA said:

When a machine is labelled as “easy” and you have to do reverse engineering just to get user…

I think the level of a machine is more based on the “root” step than “user”. The user isn’t easy but root was easy as f***

Thanks @deviate, I struggled to find an address where I could write my string, your comment was the last piece I needed to solve the puzzle.

Also, thanks @ecdo for creating a easy box to learn R*P, even though it required a bit of manual labour since ret2libc from the tutorials out there didn’t work

i don’t understand where i have to donwload the binary.
Any hint?

Type your comment> @sh4rk said:

i don’t understand where i have to donwload the binary.
Any hint?

My only comment

just because something looks default, doesn’t mean it hasn’t been touched

[Aug 02 18:30] Ryan412 believes that Safe sucks big time! [ +1 ]

Honestly, that password sums up the entire machine.

I actually really enjoyed doing this box. Getting User took me ages but was worth all the effort to improve on the skills needed. Thanks to @poker1 who kept me sane and pointed me at pwntools lib which will simplify a load of my python code from now on.

Someone ping me I need help I found that port.And i found that ov**Fl*w .

who want to work with me to do this BOF ?

Rooted. Don’t think this box is so bad, it might be worse:) At least I had a chance to hone my skills in R*P. Root part was easy as it should be.

Rooted ! Interesting box.

I’m in the same boat as @Saranraja @sazouki , and @dsavitski above… I know what I need to do but am having difficulty getting it to work. Any guidance would be appreciated.

Type your comment> @aj8417 said:

I’m in the same boat as @Saranraja @sazouki , and @dsavitski above… I know what I need to do but am having difficulty getting it to work. Any guidance would be appreciated.

i managed to exploit the binary on local machine but what i know to get the exploit work remotely we need to add our shell string to memory

Wonderful box, it’s very indicative of how impatient and unwilling to learn some people are. I enjoyed learning ROP a ton, thanks!

Type your comment> @overcrookd said:

Wonderful box, it’s very indicative of how impatient and unwilling to learn some people are. I enjoyed learning ROP a ton, thanks!

Well said!!

Rooted… Good easy box. It’s CTF style, but in my opinion don’t deserve so many dislikes. The first part it’s a very good oportunity to learn/refresh ROP technique with an easy challenge, and second one it’s quite obvious if you know how the involved application works. Thumb up!