Someone please tell me what I'm missing. I have a local exploit working, same OS and what I believe is the same libc; it works perfectly locally but fails remotely. I won't give any spoilers, but I'm able to achieve a write primitive, and able to leak libc via function overwrite. It always hangs when I call system. Someone smarter than me, please shoot me a message.
I haven’t done the challenge yet (so I might be wildly off track), but if the binary is exposed through socat, it might interpret the 0x7f character (so frequent in 64bit addresses) as a DEL character, messing up the 0x7f… address and probably ruining the exploit.
I’d suggest running the binary locally with socat to emulate this behavior and react accordingly.
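To make the reply's point concrete, here is an added Python emulation (not code from the thread or the challenge) of what a canonical-mode pty does to a packed 64-bit address. It assumes stock Linux termios defaults (0x7f erase, 0x15 kill, ICRNL on) and uses a constructed sample address, not a real leak.

```python
import struct

# Stock Linux termios control characters in canonical mode. Assumption: the
# remote pty runs with default settings, as a bare socat EXEC:...,pty provides.
VERASE = 0x7F  # DEL: erase the previous pending byte
VKILL = 0x15   # ^U: discard the whole pending line
# Bytes the line discipline consumes or rewrites instead of delivering as-is.
HAZARDS = {
    0x7F: "VERASE (erases previous byte)",
    0x15: "VKILL (drops pending line)",
    0x17: "VWERASE (erases previous word)",
    0x03: "VINTR (SIGINT to the process)",
    0x04: "VEOF (ends the read)",
    0x1A: "VSUSP (SIGTSTP)",
    0x1C: "VQUIT (SIGQUIT)",
    0x0D: "CR rewritten to LF by ICRNL",
}


def emulate_canonical_tty(data: bytes) -> bytes:
    """Approximate the bytes a canonical-mode pty delivers to the program.

    Only erase and kill are modelled; the other HAZARDS entries never reach
    the program at all, so they are reported by tty_hazards() instead.
    """
    out = bytearray()
    for b in data:
        if b == VERASE:
            if out and out[-1] != 0x0A:  # cannot erase past a completed line
                out.pop()
        elif b == VKILL:
            while out and out[-1] != 0x0A:
                out.pop()
        else:
            out.append(b)
    return bytes(out)


def tty_hazards(data: bytes) -> list:
    """Return (offset, description) for every byte the tty would mangle."""
    return [(i, HAZARDS[b]) for i, b in enumerate(data) if b in HAZARDS]


if __name__ == "__main__":
    # Constructed sample: a typical-looking userland libc address, not a real leak.
    addr = struct.pack("<Q", 0x7FFFF7E12345)
    print("sent:     ", addr.hex())
    print("delivered:", emulate_canonical_tty(addr).hex())
    for off, why in tty_hazards(addr):
        print(f"offset {off}: {why}")
```

Running it shows the 0x7f byte swallowing the 0xff before it, so six bytes arrive instead of eight; comparing the local run with and without `socat ... EXEC:...,pty` is the quickest way to confirm this is what the remote side is doing.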