Academy: STACK-BASED BUFFER OVERFLOWS ON LINUX X86

shazz · March 18, 2021, 10:40pm

Hi, any clue on the expected format for one of the Skills Assessment question: “Determine the file type of “leave_msg” binary and submit it as the answer.”

The hint “Knowing for which CPU architecture the binary has been compiled also belongs to the file type.” did not help to find the format.

Thanks!

Zerox9137 · March 25, 2021, 7:20am

I have no idea too

TazWake · March 25, 2021, 10:14am

Has file worked?

shazz · March 26, 2021, 11:44am

no. I tried part of it, changed the order… no luck

TazWake · March 26, 2021, 4:33pm

Just to check, if you run file, you get something like this:

file mcpq
mcpq: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=09c2f2538c60f165999f95d5731308afe285d432, stripped

I’d start with trying ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux) and working from there. It might need the “dynamically linked” bit or even the stripped bit.

It is definitely frustrating when the Academy labs don’t provide a “format” guide for how they want the answer.

shazz · March 27, 2021, 1:44am

I gave a second try, with/without the stripped bit, “dynamically linked” , setuid, … Yep a little frustrated to miss the last point due to a unknown format issue

xtk · April 17, 2021, 7:51pm

It should be elf32-i386 but not accepted annoying

(gdb) info files
Symbols from “/home/htb-student/leave_msg”.
Local exec file:
`/home/htb-student/leave_msg’, file type elf32-i386.

shazz · April 21, 2021, 7:36pm

If you find the expected format… I could close this course

Exci · April 22, 2021, 5:30pm

@TazWake said:
ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux)
I hope it’s not considered a spoiler, but the answer is a substring of this. I didn’t really like this kind of questions and they’re present in other modules too. No educational value out of guessing the exact string, IMO.

sharkmoos · April 28, 2021, 8:19pm

Hmm I feel self trolled. Got a shell on the skills assessment but no root

Satellite · May 13, 2021, 7:58am

Type your comment> @shazz said:

Hi, any clue on the expected format for one of the Skills Assessment question: “Determine the file type of “leave_msg” binary and submit it as the answer.”

The hint “Knowing for which CPU architecture the binary has been compiled also belongs to the file type.” did not help to find the format.

Thanks!

----> Answers format: XXX xx-bit

itsgudenuf · May 24, 2021, 12:55am

@Satellite thanks for the tip.

That closed it out for me.

I understand what they are trying to get us to do… make sure we know our platform and such… but making an arbitrary submission format is kind of silly. Then again, isn’t that what this is all about??? Testing inputs

Kn19hts3c · May 26, 2021, 3:13pm

Anyone please give any hints to root . Really tired with the machine and questions