Ellingson

Having trouble with the initial entry vector. I have the i*_**a file but can’t get past the passphrase. Tried PM-ing a few peeps but no luck yet, can someone give me a nudge?

I’ve seen the hints about adding myself to a known place but I’m not quite sure how to do that. Also tried cracking the i*_**a passphrase…

EDIT: got it, tried harder (facepalm)

Can someone help me? I’ve been learning various techniques about binary exploitation mentioned in here, but I’ve no idea how to start on the actual exploitation of the binary. This is too confusing :disappointed:

Need a nudge on breaking the hash. John (using the r***_y** dictionary) just exits after a few seconds with “session completed”, and I have no idea why. Tried --format with no luck.

EDIT: GOT user.txt

Stuck on the r*p: it works locally but not on Ellingson?

Rooted!

On the same boat as Crystal. I tried following ippsec’s guide closely, but Radare does not find anything “pop rdi”. Since I’m new to this I’m now lost. Any pointers are greatly appreciated :slight_smile:

@Informatiger said:

> On the same boat as Crystal. I tried following ippsec’s guide closely, but Radare does not find anything “pop rdi”. Since I’m new to this I’m now lost. Any pointers are greatly appreciated :slight_smile:

Same boat… /R pop rdi gives no output.

There is a pop rdi gadget in here. You won’t find it using radare2. Try some other tools which find those gadgets for you. @ScreenSlav3r

@CrystalSage said:

> There is a pop rdi gadget in here. You won’t find it using radare2. Try some other tools which find those gadgets for you. @ScreenSlav3r

I’ve got one tool… Can we discuss privately, @CrystalSage?

Rooted, massive shout out to this community :slight_smile:

So, I’ve had a couple of people ping me regarding the EOF error.

http://itsvipul.com/writeups/Sec_fest/Baby1.html

Go through this write-up, maybe you could find something interesting.

Congrats to @Ic3M4n for a very good box. Very fun, especially the binary exploitation part!

Rooted! What a fun box! Learned a lot.

Anyone willing to help with the binary exploitation, please PM me. This isn’t something I’ve worked on before and I am working on understanding it; however, I can’t seem to get pwntools to receive the output from the binary. The same code works fine on other binaries.

@CrystalSage said:

> Can someone help me? I’ve been learning various techniques about binary exploitation mentioned in here, but I’ve no idea how to start on the actual exploitation of the binary. This is too confusing :disappointed:

Have you tried the ROP technique?

Got a shell as h**; would love it if somebody could give me a pointer regarding the cracking that needs to take place. I tried using data I found in an enum script, but I don’t think I’m looking at the right area, haha.
Could someone DM me or just reply with a small locational pointer as to where I could look? Thanks!

I have an issue with recvuntil on Kali: for some reason it just hangs and does not read any characters. I installed the tool on Ubuntu and I don’t have any problem there.
Anyone had a similar issue?

@rallyspeed said:

> I have an issue with recvuntil on Kali: for some reason it just hangs and does not read any characters. I installed the tool on Ubuntu and I don’t have any problem there.
> Anyone had a similar issue?

I’m battling with the exact same issue here. When run in gdb manually it works fine, when using pwn it just hangs, not doing anything. I even checked to make sure that the prompt wasn’t being sent to stderr or something dumb like that, nothing. I’m rather blocked here.

@jimmypw said:

> @rallyspeed said:
>
> > I have an issue with recvuntil on Kali: for some reason it just hangs and does not read any characters. I installed the tool on Ubuntu and I don’t have any problem there.
> >
> > Anyone had a similar issue?
>
> I’m battling with the exact same issue here. When run in gdb manually it works fine, when using pwn it just hangs, not doing anything. I even checked to make sure that the prompt wasn’t being sent to stderr or something dumb like that, nothing. I’m rather blocked here.

Tell me the exact error so I can help…

@ScreenSlav3r said:

> Tell me the exact error so I can help…

Cheers, I’ve PM’d you.

To those that are having problems getting pwntools to receive output from the binary I suggest you read this: GitHub - zachriggle/pwntools-glibc-buffering
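The hang several people describe above comes from stdio buffering: when a C program’s stdout is a pipe, glibc fully buffers it, so a prompt written with printf() and no newline never reaches the reader until the buffer fills or the program exits, and recvuntil() waits forever; on a terminal the prompt is flushed immediately. The harness below is an added example (not from the thread, pwntools or the linked repo) that reproduces the difference with a constructed child process standing in for the challenge binary.

```python
import os
import pty
import select
import subprocess
import sys

# Constructed stand-in for the challenge binary: it writes a prompt with no
# newline and then blocks on stdin. Like glibc, it flushes stdout when it is
# a terminal but leaves the prompt sitting in the buffer when stdout is a pipe.
CHILD = r"""
import sys
sys.stdout.write("Enter password: ")
if sys.stdout.isatty():
    sys.stdout.flush()
sys.stdin.readline()
sys.stdout.write("ok\n")
sys.stdout.flush()
"""


def read_prompt(use_pty: bool, timeout: float = 1.0) -> bytes:
    """Spawn the child and wait up to `timeout` seconds for its prompt,
    mimicking recvuntil(b": ") with a timeout. Returns the bytes received
    before the timeout; b"" means a real recvuntil() would have hung."""
    if use_pty:
        master, slave = pty.openpty()           # the fix: give the child a tty
        reader, out_for_child = master, slave
    else:
        reader, out_for_child = os.pipe()       # the default: a plain pipe
    proc = subprocess.Popen(
        [sys.executable, "-c", CHILD],
        stdin=subprocess.PIPE, stdout=out_for_child, stderr=subprocess.DEVNULL,
    )
    os.close(out_for_child)                     # parent keeps only the read end
    got = b""
    while not got.endswith(b": "):
        ready, _, _ = select.select([reader], [], [], timeout)
        if not ready:
            break                               # this is where recvuntil hangs
        chunk = os.read(reader, 64)
        if not chunk:
            break
        got += chunk
    proc.stdin.write(b"x\n")                    # unblock the child so it exits
    proc.stdin.close()
    proc.wait(timeout=5)
    os.close(reader)
    return got
```

In pwntools the equivalent of the pty branch is `process(argv, stdout=PTY)`; running the target under `stdbuf -o0` is the other common workaround.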

Anyone have any tips on this box? DM me on HTB, I don’t read messages on here. Username is the same, thanks.