Thank you @r4j for this box. It is so perfectly put together. My hint would be: when you are in your darkest hour, go byte by byte.
Can someone help me with the foothold-to-user binary? I found a potentially vulnerable function, but don't exactly understand how it works.
Finally had some time to spend on this very entertaining box
Just to confirm; the user j* isn’t the one who has the user flag, right? Is that the user r*?
Can you guys help me with any article that I can read that can help me with buffer overflow in Linux? PM. I found the binary file. PM if you can help me.
@mosaaed said:
Can you guys help me with any article that I can read that can help me with buffer overflow in Linux? PM. I found the binary file. PM if you can help me.
Which one? If you mean the first one, there might be another way.
.
Anyone know how to create a perfect exploit for the first step?
I don't want to brute force the stack return address.
Any idea how to do it?
@Skajd said:
Anyone know how to create a perfect exploit for the first step?
I don't want to brute force the stack return address. Any idea how to do it?
What if I told you there is no return address?
@scud78 said:
…
What if I told you there is no return address?
Hmm, this makes sense. I got it, thx.
I'm kinda confused at the beginning itself.
@clubby789 said:
Definitely the hardest box I’ve ever done. Well worth the effort though.
Foothold:
- Play with the inputs, you can break something
- Dig around and once you find it, study it
- Finding the source (it’s been modified) will help you understand it and develop your exploit
- You might see something vulnerable, which can be very powerful.
User:
- It’s not really binexp
Root:
- Look at the name, and find the vulnerable part
Great tips.
I've found the binary and the original source code. I guess they patched the bof that was known, so now I don't know how to find anything new.
Any help debugging, please? I'm terrible at reversing binaries.
Rooted. Learned a lot. Thanks to the creator.
PM me if you are stuck.
I’m having issues finding the binary file / source code. I found an interesting file that looks like it should be in the correct directory but I can’t open it with my debugger. Any hints?
Can someone confirm for the first 32bit binary are we looking for a type of exploit that rhymes with doormat ping? Did anyone actually exploit a BO in the first binary?
@bu77er0verfl0w said:
Can someone confirm for the first 32bit binary are we looking for a type of exploit that rhymes with doormat ping? Did anyone actually exploit a BO in the first binary?
You are correct, sir. Well, that will help; it's not the entire exploit.
So I have found the F***** S***** exploit thingy on the HS** binary…
Can you nudge me a little bit as in what direction I should aim?
And also I get a SgF** in Li*c, if that helps, when IP points to 41414141…
So I think perhaps I'm going somewhere at least…