Rope

1246

Comments

  • Finally rooted.
    Root was hell and frustrating because of the long time the script takes over the network.
    Really learnt a lot!

    Hack The Box

  • Happy 2020 everyone! Would someone care to give me some nudges towards the foothold? I have (most of?) the pieces I think, looking for the way forward.

  • Definitely the hardest box I've ever done. Well worth the effort though.

    Foothold:
    - Play with the inputs, you can break something
    - Dig around and once you find it, study it
    - Finding the source (it's been modified) will help you understand it and develop your exploit
    - You might see something vulnerable, which can be very powerful.

    User:
    - It's not really binexp

    Root:
    - Look at the name, and find the vulnerable part

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • edited January 3

    thanks

  • dspdsp
    edited January 3

    Thank you @r4j for this box. It is so perfectly put together. My hint would be: when you are in your darkest hour, go byte by byte ;)

  • Can someone help me with the foothold-to-user binary? I found a potentially vulnerable function, but don't exactly understand how it works.

  • Finally had some time to spend on this very entertaining box :)

    Just to confirm; the user j* isn't the one who has the user flag, right? Is that the user r*?

  • Can you guys help me with any article I can read that can help me with buffer overflows in Linux? PM. I found a binary file. PM if you can help me.

  • @mosaaed said:
    > Can you guys help me with any article I can read that can help me with buffer overflows in Linux? PM. I found a binary file. PM if you can help me.

    Which one? If you mean the first one, there might be another way.
  • @scud78
    I mean for the first and second

  • edited January 20

    .

  • edited January 21

    @p4w16 said:
    Rooted! Love this box! If someone needs help, poke me in priv. ;)

    hi i pm u :D

  • edited January 22

    Anyone know how to create a perfect exploit for the first step?
    I don't want to brute force the stack return address.

    Any idea how to do it?

  • > @Skajd said:
    > Anyone know how to create a perfect exploit for the first step?
    > I don't want to brute force the stack return address.
    >
    > Any idea how to do it?

    What if I told you there is no return address?
  • edited January 23

    @scud78 said:
    ...

    What if I told you there is no return address?

    Hmm, this makes sense. I GOT it, thx :)

  • I'm kinda confused at the beginning itself

  • @clubby789 said:

    Definitely the hardest box I've ever done. Well worth the effort though.

    Foothold:
    - Play with the inputs, you can break something
    - Dig around and once you find it, study it
    - Finding the source (it's been modified) will help you understand it and develop your exploit
    - You might see something vulnerable, which can be very powerful.

    User:
    - It's not really binexp

    Root:
    - Look at the name, and find the vulnerable part

    Great tips.

    I've found the binary and the original source code. I guess they patched the bof that was known, so now I don't know how to find anything new.
    Any help debugging, please? I'm terrible at reversing binaries.

    Hack The Box

  • @R007KIT said:
    I'm kinda confused at the beginning itself

    Where are you stuck?

    Hack The Box

  • Rooted. Learned a lot. Thanks to the creator.
    PM me if you are stuck. :wink:

  • I'm having issues finding the binary file / source code. I found an interesting file that looks like it should be in the correct directory but I can't open it with my debugger. Any hints?

  • edited February 27

    Done and Dusted! Thanks @R4J for a bloody awesome set of challenges.

  • Can someone confirm, for the first 32-bit binary, are we looking for a type of exploit that rhymes with doormat ping? Did anyone actually exploit a BO in the first binary?

    Hack The Box

  • @bu77er0verfl0w said:
    > Can someone confirm, for the first 32-bit binary, are we looking for a type of exploit that rhymes with doormat ping? Did anyone actually exploit a BO in the first binary?

    You are correct, sir. Well, that will help; it's not the entire exploit.
  • Made it all the brute-force way, w/o additional user abilities.
    Great box! Thanks @R4J for good OSCE preparation!

  • edited March 10

    So I have found the F***** S***** exploit thingy on the H**S***** binary..
    Can you nudge me a little bit as in what direction I should aim?
    And also I get a SgF*** in Li*c, if that helps, when IP points to 41414141..
    So I think perhaps I'm going somewhere at least...

  • Rooted. Wild ride I must say.

    Don't really understand why people are saying this is not binexp, because from foothold to user to root it is all binexp to me.

    Remember to use checksec on all binaries. Take note of all security features the binary is leveraging. You will need to find out how to bypass all of them.

    Also, for root, for those that choose not to use pwntools but instead use raw sockets, remember to leave some time after invoking c.recv(). This one cost me 3 weeks...
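The checksec advice above is about reading hardening facts straight out of the ELF headers. The following is an added example, not code from the post or from Hack The Box, showing what such a check looks like underneath: it parses the ELF64 header and program headers to report NX (from the PT_GNU_STACK segment flags), PIE (from e_type) and the presence of a RELRO segment. Canary detection and the partial/full RELRO distinction need the symbol and dynamic tables, which this example deliberately leaves out. The two ELF images it inspects are constructed in memory with `build_elf64`, so nothing on disk is assumed; `check_file` is a convenience wrapper for a real binary path.

```python
import struct

# ELF64 constants used below (values from the ELF specification)
ET_EXEC = 2                 # fixed-address executable
ET_DYN = 3                  # shared object, which is also how a PIE executable is typed
PT_GNU_STACK = 0x6474E551   # stack permission segment
PT_GNU_RELRO = 0x6474E552   # region made read-only after relocation
PF_X = 0x1                  # segment flag: executable
EHDR_FMT = "<HHIQQQIHHHHHH"  # ELF64 header fields that follow the 16-byte e_ident
PHDR_FMT = "<IIQQQQQQ"       # one ELF64 program header (56 bytes)


def build_elf64(e_type, phdrs):
    """Construct a minimal synthetic ELF64 image: header plus program headers only.
    `phdrs` is a list of (p_type, p_flags) tuples. This is test data, not a real binary."""
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # 64-bit, little-endian, v1
    ehsize, phentsize = 64, 56
    header = e_ident + struct.pack(
        EHDR_FMT,
        e_type, 0x3E, 1, 0x1000,   # e_type, e_machine (x86-64), e_version, e_entry
        ehsize, 0, 0,              # e_phoff (right after the header), e_shoff, e_flags
        ehsize, phentsize, len(phdrs), 64, 0, 0)  # sizes/counts, no section headers
    body = b"".join(struct.pack(PHDR_FMT, p_type, p_flags, 0, 0, 0, 0, 0, 0x10)
                    for p_type, p_flags in phdrs)
    return header + body


def check_elf(data):
    """Return NX / PIE / RELRO status derived from the ELF header and program headers."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    fields = struct.unpack_from(EHDR_FMT, data, 16)
    e_type, e_phoff, e_phentsize, e_phnum = fields[0], fields[4], fields[8], fields[9]

    gnu_stack_flags = None
    relro_present = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            gnu_stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            relro_present = True

    return {
        # With no PT_GNU_STACK at all the loader falls back to an executable stack,
        # so NX only counts as enabled when the segment exists and lacks PF_X.
        "nx": gnu_stack_flags is not None and not (gnu_stack_flags & PF_X),
        "pie": e_type == ET_DYN,
        "relro": relro_present,   # partial vs full would need DT_BIND_NOW from .dynamic
    }


def check_file(path):
    """Run check_elf over a binary on disk (assumed path supplied by the caller)."""
    with open(path, "rb") as f:
        return check_elf(f.read())


if __name__ == "__main__":
    hardened = build_elf64(ET_DYN, [(PT_GNU_STACK, 0x6), (PT_GNU_RELRO, 0x4)])
    weak = build_elf64(ET_EXEC, [(PT_GNU_STACK, 0x7)])
    print("hardened:", check_elf(hardened))
    print("weak:    ", check_elf(weak))
```

The interesting edge case is the missing PT_GNU_STACK segment: a naive check that only looks for PF_X would report NX as enabled on a binary that has no stack segment at all, which is the opposite of what the loader does.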

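The raw-socket remark in the post above describes a generic network pitfall: a single `recv()` returns whatever bytes have arrived so far, which over a slow link is usually a fragment of the response. The following is an added example, not from the post, that makes the failure visible and shows the usual fix, reading until an expected marker with a deadline instead of sleeping a fixed time. The "server" side is constructed with `socket.socketpair()` and sends its reply in delayed chunks; the response text and the `> ` prompt marker are invented for the demonstration.

```python
import socket
import threading
import time


def recv_until(sock, marker, timeout=5.0):
    """Read from `sock` until `marker` appears in the data or `timeout` seconds pass.
    Returns every byte received; raises on timeout or if the peer closes first."""
    buf = b""
    deadline = time.monotonic() + timeout
    while marker not in buf:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise TimeoutError(f"no {marker!r} within {timeout}s; got {buf!r}")
        sock.settimeout(remaining)       # never block past the overall deadline
        chunk = sock.recv(4096)
        if not chunk:                    # peer closed the connection
            raise ConnectionError(f"closed before {marker!r}; got {buf!r}")
        buf += chunk
    return buf


def slow_peer(conn, pieces, delay):
    """Constructed peer: emits the response in several delayed chunks, which is how
    a service on a slow or lossy link looks from the client's side."""
    for piece in pieces:
        time.sleep(delay)
        conn.sendall(piece)
    conn.close()


def demo(pieces=(b"Welcome", b" to the ", b"service\n> "), delay=0.2):
    """Compare one bare recv() with recv_until() on the same chunked response.
    Returns (what a single recv saw, the complete response)."""
    client, server = socket.socketpair()
    t = threading.Thread(target=slow_peer, args=(server, pieces, delay))
    t.start()
    try:
        client.settimeout(5.0)
        first = client.recv(4096)          # returns as soon as *any* bytes arrive
        rest = recv_until(client, b"> ")   # keeps reading until the prompt shows up
    finally:
        t.join()
        client.close()
    return first, first + rest


if __name__ == "__main__":
    partial, full = demo()
    print("single recv() returned:", partial)
    print("recv_until() completed:", full)
```

Reading to a marker is also what pwntools' `recvuntil` does; the point of writing it by hand is to see why a fixed `sleep()` before `recv()` only works until the network is slower than the sleep.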
  • Hi, can I get some help with the initial foothold?? My exploit works perfectly locally but isn't working when I run it against the remote server :(

  • edited March 31

    After hours and days (and a machine reset, since the exploit refused to work remotely), I finally managed to gain the initial foothold.
    But now I'm totally stuck on how to proceed. I can see what privileges I have, but I don't see how this could help in any way :confused: And reading that the path is or isn't binexp-related doesn't really make it any better.
    Anyone willing to spare a hint?

    NVM, I think I found "something".

    Edit: Got user :)


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • Is this box related to http://workgut.com/ or is that just a coincidence == red herring ?

    guanicoe

  • @guanicoe said:

    Is this box related to http://workgut.com/ or is that just a coincidence == red herring ?

    Maybe coincidence. Though I'm not sure what that website is about :D


    Hack The Box
    GREM | OSCE | GASF | eJPT
