Probably the hardest user I’ve ever done, but well worth the effort. Thanks to @limbernie and @seekorswim for tips, and @verdienansein for working with me on it. Now onto root!
I actually found a buffer overflow and built an almost complete exploit for it. Then I took an arrow to the knee and had to reformat.
Will still finish that exploit once I’ve owned this one
For root, does the l**c address need to be bruteforced?
@verdienansein said:
For root, does the l**c address need to be bruteforced?
I haven’t even seen it, but I’d still say “no”, as it’s not really feasible unless the creator has made the effort to build from source with a weak config.
I’ve got a root exploit that pops shell locally, but seems to leak the wrong offsets on the remote
@clubby789 said:
I’ve got a root exploit that pops shell locally, but seems to leak the wrong offsets on the remote
Do you have the same version of libc?
@scud78 said:
@clubby789 said:
I’ve got a root exploit that pops shell locally, but seems to leak the wrong offsets on the remote
Do you have the same version of libc?
I switched to the box’s version of libc for running the exploit, I have it downloaded.
I have a problem with libc too in the initial step; downloaded it, but something is wrong.
Did you get the right one? i386 v amd64? ^^
@clubby789 said:
@scud78 said:
Did you get the right one? i386 v amd64? ^^
`file` tells me it’s 64 bit, so I think so.
And is the binary you’re exploiting a 64-bit binary? The first one you come across isn’t…
Finally rooted.
Root was ■■■■ and frustrating because of the long time the script takes over the network.
Really learnt a lot!
Happy 2020 everyone! Would someone care to give me some nudges towards the foothold? I have (most of?) the pieces I think, looking for the way forward.
Definitely the hardest box I’ve ever done. Well worth the effort though.
Foothold:
- Play with the inputs, you can break something
- Dig around and once you find it, study it
- Finding the source (it’s been modified) will help you understand it and develop your exploit
- You might see something vulnerable, which can be very powerful.
User:
- It’s not really binexp
Root:
- Look at the name, and find the vulnerable part
thanks
Thank you @r4j for this box. It is so perfectly put together. My hint would be: when you are in your darkest hour, go byte by byte.
Can someone help me with the foothold-to-user binary? I found a potentially vulnerable function, but don’t exactly understand how it works.
Finally had some time to spend on this very entertaining box
Just to confirm; the user j* isn’t the one who has the user flag, right? Is that the user r*?
Can you guys point me to any article I can read that would help me with buffer overflows in Linux? PM me. I found a binary file. PM me if you can help.
@mosaaed said:
Can you guys point me to any article I can read that would help me with buffer overflows in Linux? PM me. I found a binary file. PM me if you can help.
Which one? If you mean the first one, there might be another way.