@clubby789 said:
I’ve got a root exploit that pops shell locally, but seems to leak the wrong offsets on the remote
Do you have the same version of libc?
@scud78 said:
@clubby789 said:
I’ve got a root exploit that pops shell locally, but seems to leak the wrong offsets on the remote
Do you have the same version of libc?
I switched to the box’s version of libc for running the exploit, I have it downloaded.
I have a problem with libc too in the initial step; I downloaded it but something is wrong.
Did you get the right one? i386 v amd64? ^^
@clubby789 said:
@scud78 said:
Did you get the right one? i386 v amd64? ^^
`file` tells me it’s 64 bit, so I think so
And is the binary you’re exploiting a 64-bit binary? The first one you come across isn’t…
Finally rooted.
Root was ■■■■ and frustrating because of the long time the script takes over the network.
Learnt really a lot!
Happy 2020 everyone! Would someone care to give me some nudges towards the foothold? I have (most of?) the pieces I think, looking for the way forward.
Definitely the hardest box I’ve ever done. Well worth the effort though.
Foothold:
User:
Root:
thanks
Thank you @r4j for this box. It is so perfectly put together. My hint would be: when you are in your darkest hour, go byte by byte.
Can someone help me with the foothold-to-user binary? I found a potentially vulnerable function, but don’t exactly understand how it works.
Finally had some time to spend on this very entertaining box
Just to confirm; the user j* isn’t the one who has the user flag, right? Is that the user r*?
Can you guys help me with any article that I can read that can help me with buffer overflow in Linux? PM. I found a binary file. PM if you can help me.
@mosaaed said:
Can you guys help me with any article that I can read that can help me with buffer overflow in Linux? PM. I found a binary file. PM if you can help me.
Which one? If you mean the first one, there might be another way.
Anyone know how to create a perfect exploit for the first step?
I don’t wanna brute force the stack return address.
Any idea how to do it?
@Skajd said:
Anyone know how to create a perfect exploit for the first step?
I don’t wanna brute force the stack return address. Any idea how to do it?
What if I told you there is no return address?