Safe

Wonderful box, it’s very indicative of how impatient and unwilling to learn some people are. I enjoyed learning ROP a ton, thanks!

@overcrookd said:

Wonderful box, it’s very indicative of how impatient and unwilling to learn some people are. I enjoyed learning ROP a ton, thanks!

Well said!!

Rooted… Good easy box. It’s CTF style, but in my opinion it doesn’t deserve so many dislikes. The first part is a very good opportunity to learn/refresh the ROP technique with an easy challenge, and the second one is quite obvious if you know how the involved application works. Thumbs up!

Rooted.

I’m not sure why there’s all the hate surrounding this box.

User was a lovely B** & R**

Root wasn’t particularly difficult if you have any experience with k*****s, or you know how to use basic Google at a basic level. Make sure you don’t ignore anything that’s given to you, especially when it’s staring you right in your face.

Feel free to PM me if anyone needs a hint in the right direction :)

Rooted! Love the user part, root was interesting but pretty CTF-like. Overall pretty decent box.

Feel free to PM me if you have any questions

Can someone give me a hint (PM)? I can’t see how to use the gadgets that I found to write my string into memory.

@adelmatrash said:

Can someone give me a hint (PM)? I can’t see how to use the gadgets that I found to write my string into memory.

same…

If you don’t have gadgets, take a different approach.

@sazouki said:

@adelmatrash said:

Can someone give me a hint (PM)? I can’t see how to use the gadgets that I found to write my string into memory.

same…

If you don’t have gadgets to write, take a different approach… Maybe there’s something else in the binary that allows you to do what you want easily.

There’s at least 1 gadget that you can use. r2 failed to find it though, so I used ROPgadget instead.

Can’t believe this machine is rated ‘Easy’, I am still stuck on trying to exploit the binary.

Stuck at BOF, I cannot even make it work locally. Is there some hint or blog to read which could help me?

Any clue or help on how to download the binary? I’m on the high port and interacting with the exception but have no idea how to download it…

EDIT: SOLVED

I’m stuck with exploiting the binary when ASLR is on :( Help me?

Hints for buffer overflow:

  • If you own the stack, you own the IP
  • Make sure you look at all the functions available to you, even if they aren’t called
  • “set disable-randomization off” in gdb helps see what you have and what you can’t count on

Since it’s an easy machine, it should at least have made it obvious which function was easily exploitable in the binary. I did the binary exploitation with 2 different methods, but the intended way could be kind of easy to miss in the first place if you’re not familiar with the exploitation.
That being said, if you feel lost, feel free to PM me on HTB or Discord sanre#5436. Don’t PM on the forums since I’m not checking the inbox too often.

Really stuck on how to exploit the fact that the program is vulnerable to BOF. If someone is able to PM me on Discord it would be helpful :)

oneill#0460

How to write /bin/sh to the d**a section (or any writable section really)?
Edit: Solved and rooted!

Spoiler Removed

Great box IMHO. A great exercise for someone new to binary exploitation like myself. Some advice:

User:
I had trouble finding the correct commands to send what I needed to send to the binary. The “cat” command without a file name reads from stdin. So “(cat payload_file; cat) | ./vulnerable_binary” may be what you need to test your exploit payload.

Root:
The file that stands out - it can be “locked” with more than just a password.

Finally rooted! From my point of view not an easy machine for people inexperienced in binary exploitation but really good to learn! Some advice for user would be to think about what you’ve got, you can use those things in your favour. As for root, do not spend too much time on cracking hashes, it should be really quick! PM me if you need hints!