Safe

Hi All,
Could anyone help with the exploit for the machine?

Hey All, this is my first ROP challenge. Watched some YouTube videos a couple of times, also the one that was mentioned here earlier, read some similar CTF writeups, also trying to learn pwntools a little better, but the recvline stuff is throwing me off. Think I’m stuck at leaking puts.
Also not sure if I’m over-complicating it. I find it hard to learn this. Anyone got some tips or recommended learning material?

Rooted. The toughest Easy machine for me due to my lack of ROP experience.
Thank you @quantatic for your advice, and also my respect to @ecdo for an interesting machine.
After all, I obtained a shell with only 2 functions, so it is supposed to be an Easy machine if you are familiar with the stack and function calls.

Any chance of a PM regarding getting my exploit to run locally? It’s just hanging at the moment.

For those who are still trapped in the binary, a tip: look at the code they gave you; everything is there for something. Do not think so much about ret2lib, but if in R * P, you have the function you need; just call it back passing other values, and now you don’t need to do a shellcode or anything. I just execute a command interpreter.
Well, I’m stuck in the root. If someone could help from inside, it would be helpful.

Root ok
I already have root. For the root, everything is in sight; read well the tool you want to use before ha *** at and you will see what to do.

Hello! It is the first time I am trying anything different from nice and easy stack execution. I have spent many, many hours trying to get this to work. Could somebody please PM me to offer some help on continuing in the correct direction? Thank you!!

Hey there,
I managed to run the app locally but I am having a hard time making it work remotely!!!
Can anyone PM me to give me a hint?

Encountering this kind of challenge for the first time and so I am not able to get a foothold. Would someone please recommend me some resources to get started with? Any specific IppSec videos maybe?

Can someone PM me to help me with root?

Got it

@nospace said:

Encountering this kind of challenge for the first time and so I am not able to get a foothold. Would someone please recommend me some resources to get started with? Any specific IppSec videos maybe?

Have a look at IppSec’s Bitterman video.

Does anyone have an idea how I can get hashcat to run in a VM environment when I can’t use GPU? I’ve tried all the results I’ve found online but I still can’t get it to work.

OK. I have the root password from k**"£ss but I can’t log in with it. WTF? Any clues?

Does anyone have an idea how I can get hashcat to run in a VM environment when I can’t use GPU? I’ve tried all the results I’ve found online but I still can’t get it to work.

If I recall correctly, the ‘--force’ option should work.

I tried that but still nothing. I used jtr in the end which went fine.

Thanks though :slight_smile:

I found the high port 1**7 but I didn’t find the binary file. Could anyone give me any hints?

@putuamo You can get the app itself from the regular port. Poke around a little bit and you should find it.

I was able to get the app, offsets, and put together the start of an exploit based on IppSec’s Bitterman video, but having trouble reading data from the app when using pwntools. When I run the exploit I don’t get a seg fault anymore and it just exits normally. I read earlier posts about issues with the \n character and have tried several other methods of reading data, but no luck. Any hints on the right direction?

Hey guys, having a really hard time getting started on this one… I’m assuming I should be focusing on the ***7 port but alas my web skills are not as good as most of you. Any of you care to help a n00b stop being a n00b :smile:

@S0l3x, I am in the flames of ■■■■ trying to learn this box but I can tell you that you need to get ahold of the binary and analyze the ■■■■ out of it! My brain is fried LOL

Good day, everyone!

I have been trapped with writing my own exploit to get into the secret function (seems that it has what we need).
I’ve tried to read a bunch of useful sites like ret2rop, watched a few bof videos, even tried to override the return address directly through gdb - still have no success at all.
I have a vague thought that it can also be a problem of my environment (VMware Kali x64).

If anyone has some good learning materials or maybe some hints about how to correctly overflow the buffer, please PM me here or on the Discord.

I’m having a hard time finding the “interesting binary” from the lower port. So far I used manual enum or dirb; none of these seem to help me. Could anyone send me a gentle nudge?