Official RopeTwo Discussion

It’s too easy for me to try to solve it

I am fascinated that there are still no user bloods. I am going to take that as a sign I should avoid it for months

Type your comment> @TazWake said:

I am fascinated that there are still no user bloods. I am going to take that as a sign I should avoid it for months

This statement scares me – especially from someone with 36x more points than I have!

@ricm916 said:

This statement scares me – especially from someone with 36x more points than I have!

I’ve been lucky :smile: - I really suck at binary exploitation!

@TazWake said:

@ricm916 said:

This statement scares me – especially from someone with 36x more points than I have!

I’ve been lucky :smile: - I really suck at binary exploitation!

And this machine is taking binexp to a whole new level :smiley:
The initial vulnerability can be spotted easily, but now I have to read quite a lot how to actually exploit that “technology” O.o

I have the vague picture of what I need to do, but man there’s going to be a lot of blog reading if I want to get anywhere here.

Type your comment> @TazWake said:

I am fascinated that there are still no user bloods. I am going to take that as a sign I should avoid it for months

HAHAHAHA funny comment xD

Type your comment> @TazWake said:

I am fascinated that there are still no user bloods. I am going to take that as a sign I should avoid it for months

Ahahahahahah!!! ? ? ?

Are we sure the download needs to be bin exploited?
Has anyone done a bindiff between the download and the ropetwo download?

fulcrum and hackback as far as i can tell WERE the two longest bloods to get. This box has put them to shame.

Got a local exploit working. On to remote. Good luck if you’re just now starting - lots to learn with this one! :slight_smile:

@sparkla said:

There go my dreams of “having a chance because everyone else gave up”.

And there they are completely gone, now :smiley:
Box has been rooted (in an unintended way, though) :wink:

@HomeSen said:

Box has been rooted (in an unintended way, though) :wink:

Unintended ways are my favourite way. They give me hope being able to do it…

@TazWake said:

@HomeSen said:

Box has been rooted (in an unintended way, though) :wink:

Unintended ways are my favourite way. They give me hope being able to do it…

They just fixed it, and are now rolling out new machines.
Meanwhile, I am reading blog posts about “Careful children’s shoes” (translated by Chrome from Chinese to English), without really knowing what Chrome is trying to tell me by that :smiley:

I love it that one person rated root difficulty as “Piece of cake” :smiley:

Type your comment> @bigFish43 said:

I love it that one person rated user and root difficulty as “Piece of cake” :smiley:

lol, so the box is from a scale of piece of cake to brain ■■■■.

For 2 days now I have been looking for ways to attack the box, but there is no result. I will be very glad to any hints. Never sat 2 days without a foothold

@GreyParzival said:

For 2 days now I have been looking for ways to attack the box, but there is no result. I will be very glad to any hints. Never sat 2 days without a foothold

Check what the box has to offer, compile it, and then you’ll probably have to research a lot about the topic :wink:

The foothold is really hard, but well worth the effort for how rewarding it is. The step to user however looks like a whole other level. I’m going to be here a while lol.
Edit: For anyone starting out, the best tip I can give is: Ubuntu, fetch, revert, patch, compile

@sparkla said:

@HomeSen said:
Check what the box has to offer, compile it, and then you’ll probably have to research a lot about the topic :wink:

Your comment saved me a week and at least 5k grey hair.

Don’t make my mistakes and try to compile on Kali. I at least miss some build packages and need to start over completely…

I used a freshly installed Debian 10 VM for that (with 4 vCores and 8GB of RAM) and it took ~30mins (plus the time to install and configure Debian and the according packages)