Official RopeTwo Discussion

Got user :slight_smile:

Insane box. Hardest one on HTB easily.

Easily the hardest box I’ve ever done (well, just user). Definitely worth the time and effort though.

Wow… not even 10 roots yet.

Rooted :slight_smile: Best box on htb.

@Overthink said:

Rooted :slight_smile: Best box on htb.

Fantastic work.

Definitely the hardest box I’ve ever done, but well worth the effort. Taught me something new at every stage.

Got a shell, go to next user…

Why ssh periodically don’t response? Anybody has something similar?
EDIT: Found problem.

I need help with second user part. Please PM me for discussing.

Type your comment> @pinnn said:

I need help with second user part. Please PM me for discussing.

If you have queries, you can dm me on discord.

Hint for foothold and user:

If you know where things are going, you will find some resources online that are VERY similar to the solutions required to get to user.

@yb4Iym8f88 said:

For those who will need it and do not want to google a lot:
Debug symbols for kernel 5.0.0-38-generic (unsigned) are there https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa/+sourcepub/10775082/+listing-archive-extra
Do not know why they are not indexed by google properly.
Or you can just compile it from sources.

Thanks for sharing. My Google-fu probably failed me on finding those, and I was already about to try debugging without those (which caused quite some headache :smiley: )

Spoiler Removed

Got root! It was my first kernel exploit (i found two ways to exploit it) @R4J thanks!!
P.S. Where is the badge?!

@pinnn said:

Got root! It was my first kernel exploit (i found two ways to exploit it) @R4J thanks!!
P.S. Where is the badge?!

Congrats. Still fighting with it, but I’m sure that I’m on a good path :wink:

The badge is expected to appear soon™ :smiley: (at least, that’s what everyone got assured of, as long as the official Discord channel existed)

Can anybody give me a nut about how to get the leak (bypass the PIE) on the second part to get user?

I am getting this error everytime: mismatching next->prev_size (unsorted), can someone help me sort it out?

User part is not hard. :smile:

Type your comment> @HKHK said:

User part is not hard. :smiley:

Will try getting root now

I’ve compiled the program and set a breakpoint on the new function.

It hard crashes with

Thread 1 "**" received signal SIGILL, Illegal instruction.

as soon as it is hit, Is this intentional or have I screwed up on the compilation stage