@limbernie said:
Well, the source code is there to help you reverse engineer the binary and find the vulnerability. Yes, the vulnerability found in the article was patched but another was introduced. Hint: one of the structs was slightly changed. This may throw you off course.
Thanks!
Can I DM someone about my exploit? It’s working locally but not remotely
This is finicky. Well on my way to getting something working, but I’m lacking an info leak right now. Pretty fun box though, and from my experience, fairly true to life.
Aaaaand rooted! (Good god that took freaking FOREVER, but my first insane box completed!)
Thank you @R4J for this beast of a box!
Some hints for the exploitation process (if mods find this too spoilery, feel free to edit):
Foothold:
Don’t overlook functions whose name seems irrelevant. I did that and it took me weeks to find the vulnerability.
Disregard the name of this box.
You may want two writes.
User:
It’s not binary exploitation.
Root:
WPICTF
The name of this box is now relevant.
Thanks @limbernie for the tips that got me the foothold! DM me if you want more tips, but I can’t promise the quality of my advice, as there’s still a lot I’m confused about regarding this box (especially the initial foothold).
So, I was able to rewrite the messages the binary shows when launched locally. Anyway, I’m not seeing how to take advantage of this. May I get some hints about what to do? PM!
Same. I can inject some strings and then see them on the stack, but I don’t know how to get a shell since NX is enabled. Can anyone give me a push in the right direction? Thanks!