I'm having some trouble reading the user.txt
I suspect it can't be read with current permissions. I'm fairly sure I need to use m****** file to go on. I've removed the bad chars and changed permissions to 600 but I'm not b…
The sock.accept() function is hanging because it is waiting for a connection. You can set a timeout of about 30 seconds, I think.
Nothing is wrong with these scripts. If you are not getting a connection back, you can try a few more times. If t…
Not stuck, already solved it. I am wondering why the 64 byte offset is required when referring to the server libc "/bin/sh" vs no offset on my local libc.
You are getting the %s%s... string on remote, right?
Because remote offse…
I also ran into this and solved it prior to seeing this thread, similarly to @LittleWho, with agonizing brute force. Could someone chime in and explain what is going on?
Which part are you stuck at?
Oh, so x...g is not the entry point? I can't find an exploit in another format, only for Metasploit... I don't know if I am on the right track... Any hint by PM, please.
Search on Google and you'll find out. And write your ow…
Thanks guy, I already found the file but I've got the wrong user (as @wilsonnkwan tried to say to me before)! I tried to bruteforce the right user with hydra but there seem to be some issues. So, I tried to use hydra using t…
I am using Docker for this purpose. My main OS is Debian. I installed other GUI tools like burp-suite.
I installed the other tools I need on my Docker container.
I am using a proxy to connect to HTB machines on my machine, or interrupt the request.
I am working on a buffer overflow challenge.
I built a binary; it uses the puts function.
ASLR is active, NX is enabled.
So how can I leak the libc base addr?
32-bit binary btw.
My payload looks like: padding + [email protected] + [email protected]
I found another way to get root, as the PoC found here:
if we insert this command in the very first question:
If anyone can help me with priv esc on this box, it would be nice. I think I have an idea but don't know how to look at the past.
You are so close..
Just Google it, you will figure out..