Type your comment> @0xcursed said:
Finally managed to get shell on remote. For those got it locally but not remotely; Make sure libc version is correct and debug it on socat environment as @reisraff said.
Major hint: Socat is not innocent and restricted chars can be bypassed.
i have a local exploit working, and i can leak an address (to calculate another) and the address of my payload, but i can’t write certain chars. any hints on how to bypass the restricted chars? PM me