Just thought I’d mention a few things to help with the development of the exploit for the challenge.
If it works locally but fails remotely (some of you might face this issue), try to follow the adjustment that I mentioned in the challenge description. I’m not too sure why it happens exactly, but if you debug locally by running the binary through an xinetd service, you should be able to get good offsets. If any of you know why this happens, feel free to inform me as I’m very curious why it happens.
The flag file name isn’t guessable. A shell is very possible here and really consider the challenge description about the shortcomings of blacklisting.
Sometimes it helps to use more than one binexp technique.
Anyways, hope all of you can keep enjoying this challenge and learn something new!
Put this challenge off until it was the very last one on my list… (not intended to offend either, I was actually just scared of it) After spending numerous days on it locally and quite a few hours remotely, it has finally been conquered. Thanks @will135 for making such a hard challenge!
Done and Dusted!!! Holy Smokes!! That puppy, just like the previous 2 chapters, was hard but ■■■■■■ absolutely worth it. I enjoyed how this challenge requires the utilisation of multiple binary exploit techniques. Thanks to @R4J for a great challenge.
Glad you liked it, but it was @will135 who made the challenge and not me.
Got it. Pretty awesome this one! If anyone is up for discussing the solution, let me know. afaik, there’s no write up section for challenges, is there?
I’ve been working on this one for at least a week and a half now and I’ve had the main vulnerability for a while, but I can’t seem for the life of me to figure out how to leak a segment that I can use to modify control flow. If anyone is willing to chat, I really just need a kick in the right direction, I don’t want spoilers, I just feel like I’m stagnating a bit and I want to learn.
Edit: Actually, I’d like to hold off for just a moment, I might have found something helpful…
This challenge has been a lot of fun and I’ve learned quite a bit, but I’m stuck at actually getting a shell that I can use because of the restrictions imposed by the binary. I have a couple ideas that I’m still looking at, but at this point, I’ve set it up so I can just drop 4K of shellcode to it and it starts executing off. So, execution isn’t the problem…
If anyone is willing to kick me in the right direction to get around those restrictions, I’d be grateful. I’ll edit this response or respond down below if that happens or I find a way around the current problem.