Stack Buffer Overflow - Skills Assessment - Linux x86 buffer overflow course Academy HTB

Hi guys,

thank you for your time to look into this and help me. I am trying to get the root flag from one of the course in academy.hackthebox, however, as its a buffer overflow attack, I followed it got the offset, and even got the shell to connect back, but the return shell is of the user(htb-student) level, and not root…
any guidance please?

there is a setuid set on the leave_msg program, so I run it under GDB and was able to get it to trigger the shell.

Regards,
RP

I have managed to get the root flag. thank you.

hi, i stuck in the nc listening, can you gimme a hint please

hello felipe, may be try another port, and also check there is no bad character…

Type your comment> @rptester said:

hello felipe, may be try another port, and also check there is no bad character…

thanks for you help, finally may a finish the test

Spoiler Removed

Ca someone help me how to get the root flag

@Gocka said:

Ca someone help me how to get the root flag

Is there a root flag on this academy module? Or do you mean the Academy box?

If you mean the box, this might be a better place to ask: Official Academy Discussion - Machines - Hack The Box :: Forums

No on the Academy

Type your comment> @rptester said:

Hi guys,

thank you for your time to look into this and help me. I am trying to get the root flag from one of the course in academy.hackthebox, however, as its a buffer overflow attack, I followed it got the offset, and even got the shell to connect back, but the return shell is of the user(htb-student) level, and not root…
any guidance please?

there is a setuid set on the leave_msg program, so I run it under GDB and was able to get it to trigger the shell.

Regards,
RP

If you test the payload with gdb and if it works, then try running the exact payload without gdb ( ./bow [payload] ). DM me for any help

Tried to follow along but cannot create example files. Look like missing stuff.

Hello, I’m still stuck getting root access. Is anybody give me a hint details ?

Hey guys, can anyone please help with the first question? I can get all the information that I need with the file command but I am not sure how they want the answer? I know its a 32 bit ELF for Intel and I tried many diffferent combinations but none worked. Thanks in advance!

The format is

xxx xx-xxx

, just plug in what you already found.

1 Like

Thank you chieftain!!