I’m stuck here as well. I created a payload that overrides ESP with the function I want to jump to address and got this when running locally:
“Hurry up and try in on server side.”
When I tried it on the instance, it just disconnects. Am I missing something silly here?
Same here. In addition, if I create the file on my machine and run the exploit again + arguments, it crashes with one of the arguments as EIP. I don’t really know how to interpret this.
Kinda confused because both printf and puts are returning absolutely no output for some reason.
EDIT: just had to solve it in a probably convoluted and unintended way, but many roads lead to shellcode 8)
Can you post a link to some good tutorials on bof-ing?
I see both functions in g**ra and I love how the params form words in hex :), but I don’t know the basics I guess, as the payload I’m creating does nothing.
Shall I just fill the whole 384 reserved bytes and put the params and the flag function address just after it? Or maybe if I just put any string delimiter and some sort of JMP or call just after?
Don’t know where you got that number but it’s not correct. Find the correct number and how the stack works and you will solve it.
Just solved this problem. Had the right answer for a while but nc was the thing that was throwing me off. As a tip, if you connect with nc, make sure you hang around long enough to get a response from the server.
I think I have the correct payload but I just cannot get it to work. If anybody would be willing to discuss my idea/sample and nudge me in the right direction, it would be very much appreciated.
Hi there.
Any resources to start learning pwning? Or any resources to start learning how to solve challenges? It is easier for me to solve machines than challenges. Any info is appreciated.
Hi there.
I’ve written a payload and read a file with some text, and I get a segmentation fault after it.
How can I send my payload to docker.hackthebox.eu port 32133?
When I use nc I don’t get any answer. Is it because I have a segmentation fault?
I’m exactly at this point and I don’t know how to fix this. I have read posts above mentioning how to send this payload via netcat, but it just won’t work.
I have created a payload. When running: (cat payload; echo) | ./vuln
the “Hurry up…” message is returned.
Yet when I try this on the server: (cat payload; echo) | nc docker.hackthebox.eu xxxx
I get nothing.
If anybody could give another hint, I’d be grateful.
There is no position-independent code, so the main binary will always be loaded at the same address. However, ASLR will affect the shared libraries and the stack location.
Yo, can anyone give me a nudge in the right direction? I am in the process of trying to bof the first function but can’t seem to get the return address to point to the function I need, and even if I did, I don’t know how I would pass in the required arguments.