Didn't see a discussion so I thought I'd start one. I've got something basic working, struggling to develop into something useful.
GCIH | GCIA
If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
Comments
Definitely not ret2libc. Return to something else maybe?
Write-ups | Discord - limbernie#0386
Fun challenge
I have a suspicion, but gadgets are sparse
@limbernie said:
It would be hard to without ret or libc! I'm looking into seeing if I can find any treasure in the junk.
There is a good paper from 2010 about JOP
After 6 hours solid work, I finally owned this. Great brainfuck challenge!
There's no need to read any paper
It actually helps, it gave me a hint on what to do; of course it can be solved without reading anything
Good challenge. Waiting for the last of three.
ughhh i thought this was gonna be easy as pie until i saw no pages were mapped rwx :T
Pretty nice challenge.
If you need help. PM me.
I need help with the first step to expand the stack.
Hey, people.....
i need a hint please.
do we need to use system (kernel) functions from vdso?
or do we need to use only JOPs from the elf?
can you share some material for this exploit technique?
thank you.
ah, yes, i am able to do an infinite loop at the end of the elf, but it is waiting for "tty input".
is this the right way?
Spoiler Removed
Could use a hint
trying to get s**p to work, I'm able to call r*_s*******n, but it segfaults right after. Am I heading the right way?
Spoiler Removed
EDIT: finally got it.
Learning some new technique
Great challenge.
Hard to get the right JMP, but when you find it, it's straightforward.
What an interesting challenge.
Learned that a certain instruction behaves differently in an error case when inside a virtual machine. Managed to avoid the error and got it to work in the end.
Done & Dusted! A nice and easy challenge coming after doing those Dream Diary Challenges. Thanks to @chirality for a good challenge.
Wx
Learned a lot. Thanks to the creator of this, @chirality
i solved it in a very roundabout way and feel like i'm missing something that would make this easier. if someone would like to share their solutions with me, i'd love to see them
EDIT: seen a writeup now, could've been solved much shorter, but i like my way better :P
Very interesting challenge, one of the most interesting for me
Thanks @chirality for it
Can someone hit me up with some hints and nudges for this.
I have disassembled the entry... and now I feel clueless and helpless
Thanks!
Wow, such a cool challenge. Learned a lot along the way and the most complex I've done yet. I do wonder if I overcomplicated it, but if it works it works
Hopefully not a spoiler, but Ghidra sort of hid something that was important for my solution, where other disassemblers like Binary Ninja did better.