@SecThor said:
Thought this was an easy box…
Anyway, I’m completely new to binary exploitation (‘how to use gdb?’ level kind of new…)
and having a hard time even running the app in gdb.
Hitting ‘r’ or ‘run’ returns a “Warning: not running” msg and no interaction at all. Is it me, or does my setup have no clue at all?
It’s easy if you have a background in reverse engineering. Reveng the binary, take a look at the code, and it’s immediately obvious what you have to do. If, and only if, you know your assembly. Otherwise, it’s a nightmare. The usual ROP tools fail to work or only tell you half the story needed for this binary; it’s not exactly a standard “pop the rdi and return to the syscall” ROP chain. Not too terrible, but IMO at least above the pay grade of a box suitable for a beginner at reversing.
The root part, on the other hand, is trivial and mostly “use the right tools and go get a coffee”.