thank you for your time to look into this and help me. I am trying to get the root flag from one of the course in academy.hackthebox, however, as its a buffer overflow attack, I followed it got the offset, and even got the shell to connect back, but the return shell is of the user(htb-student) level, and not root…
any guidance please?
there is a setuid set on the leave_msg program, so I run it under GDB and was able to get it to trigger the shell.
thank you for your time to look into this and help me. I am trying to get the root flag from one of the course in academy.hackthebox, however, as its a buffer overflow attack, I followed it got the offset, and even got the shell to connect back, but the return shell is of the user(htb-student) level, and not root…
any guidance please?
there is a setuid set on the leave_msg program, so I run it under GDB and was able to get it to trigger the shell.
Regards,
RP
If you test the payload with gdb and if it works, then try running the exact payload without gdb ( ./bow [payload] ). DM me for any help
Hey guys, can anyone please help with the first question? I can get all the information that I need with the file command but I am not sure how they want the answer? I know its a 32 bit ELF for Intel and I tried many diffferent combinations but none worked. Thanks in advance!