Type your comment> @xeto said:
You don't necessarily need shell as you have what you need already, but if that's the approach you want to take then I'd leave the more common shell tools behind.
Type your comment> @BigDaddy said:
Sounds like an OpenSSL problem you have on your client machine, but hard to tell without seeing the command you are using exactly (don't post here). The client could possibly be trying to use TLS 1.3
Do you have control of both inputs or just one of them?
Looking at the code, it's essentially the strcmp function without a NULL terminator check. So there is definitely a buffer read overrun possibility which can cause undefined behaviour, usual…
Rooted without using bof method. Moving onto bof next. Anyone got root directly from *n*ra portal? Think I found an RCE but working around url encoding issue. PM if you have, would love to know how you managed it.
Great box by the way, found it…