Official BigBang Discussion

OK!!! I really go crazy with this machine, it's way far from my skills. I make good moves but am stuck in Zp.it to get a foothold on this machine.

Finally rooted!

If you hit strings and grep for debian, I believe it tells you the version of the .so. You can either write a script, pull it from a docker container or download the version.

Anyone around to answer a question or two for the initial foothold? I feel I'm real close but not sure where I'm stuck.

Got the ‘Remote’ code fixed and downloaded the necessary files only to have problems with the ELF parsing binaries in the pwnlib, specifically an ‘int’ overflow. Anyone know how to overcome this?

I always get a damaged libc and I cannot find this specific version 2.36-9+deb12u4. I can only find 2.36-9+deb12u9 which does not work with the exploit. How do I get the download right or where can I find this specific version?

Got the libc version now from Debian 12.4. But exploit still fails.

Anyone I could DM about root?

Is the exploit for the foothold tested for multi user? I see there are two others working on the machine. Perhaps the heap is not that stable with multiple users. I cannot see what I am doing wrong, but no shell…

I've been fighting this all week. Think I'm gonna call it and, once the new box comes, ask someone who completed it to show what I did wrong on the script.

Finally got it. I’m not sure if I’m happier over rooting the box, or that all that work to fix stuff is over with…


Wow, finally got user. I was close for a long time; just a small mistake, I had to URL encode the last send twice, then it worked.

Thanks, that was the same thing I forgot! Note that the newer libc has the same offset for system (someone told me it also worked with the libc of Kali, but I don't think so):

┌──(kali㉿kali)-[~/htb/bigbang]
└─$ readelf -s libc.so.6 | grep system
  1023: 000000000004c490    45 FUNC    WEAK   DEFAULT   16 system@@GLIBC_2.2.5

┌──(kali㉿kali)-[~/htb/bigbang]
└─$ readelf -s newer.libc.so.6 | grep system
  1024: 000000000004c490    45 FUNC    WEAK   DEFAULT   16 system@@GLIBC_2.2.5

┌──(kali㉿kali)-[~/htb/bigbang]
└─$ readelf -s /lib/x86_64-linux-gnu/libc.so.6 | grep system
  1052: 00000000000528f0    45 FUNC    WEAK   DEFAULT   16 system@@GLIBC_2.2.5
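Added example, not a post from this thread and not anyone's exploit: a small standard-library Python script that does by code what the two manual checks above do, reading the glibc version banner that `strings | grep debian` surfaces and comparing one symbol's offset between two libc.so.6 files the way `readelf -s | grep system` does. It is meant for the diagnostic step of confirming which build you actually have before blaming the heap or other users. Assumptions: 64-bit little-endian ELF (x86_64 glibc) and glibc's usual "GNU C Library (<vendor build>) ... version X.Y" banner; `build_sample_libc` and the bytes it produces are constructed stand-ins for testing, not real libc files.

```python
"""Added example, not from the thread: identify a glibc build and compare a
symbol's offset between two libc.so.6 files with only the standard library.
It does by script what `strings | grep debian` and `readelf -s | grep system`
do by hand. Assumptions: 64-bit little-endian ELF (x86_64 glibc) and the usual
"GNU C Library (<vendor build>) ... version X.Y" banner.
"""
import re
import struct
import sys

SHT_SYMTAB, SHT_DYNSYM, SHT_STRTAB = 2, 11, 3
BANNER_RE = re.compile(rb"GNU C Library \(([^)]*)\)[^\n]*?version ([0-9]+(?:\.[0-9]+)*)")


def glibc_banner(data: bytes):
    """Return (vendor build string, upstream version) from the banner that
    `strings libc.so.6 | grep -i debian` surfaces, or None if absent."""
    m = BANNER_RE.search(data)
    return None if m is None else (m.group(1).decode(), m.group(2).decode())


def elf_symbols(data: bytes) -> dict:
    """Map symbol name -> st_value for every named entry in .dynsym/.symtab."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected a 64-bit little-endian ELF file")
    (e_shoff,) = struct.unpack_from("<Q", data, 0x28)
    e_shentsize, e_shnum = struct.unpack_from("<HH", data, 0x3A)
    # Elf64_Shdr: name, type, flags, addr, offset, size, link, info, align, entsize
    shdrs = [struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    symbols = {}
    for sh in shdrs:
        if sh[1] not in (SHT_SYMTAB, SHT_DYNSYM):
            continue
        sym_off, sym_size, entsize = sh[4], sh[5], sh[9] or 24
        strtab = shdrs[sh[6]]                      # sh_link -> associated string table
        strdata = data[strtab[4]:strtab[4] + strtab[5]]
        for off in range(sym_off, sym_off + sym_size, entsize):
            # Elf64_Sym: st_name, st_info, st_other, st_shndx, st_value, st_size
            st_name, _, _, _, st_value, _ = struct.unpack_from("<IBBHQQ", data, off)
            if st_name:                            # index 0 is the null symbol
                end = strdata.index(b"\0", st_name)
                symbols[strdata[st_name:end].decode()] = st_value
    return symbols


def compare_symbol(a: bytes, b: bytes, name: str):
    """Return (offset in a, offset in b, True if both present and equal)."""
    oa, ob = elf_symbols(a).get(name), elf_symbols(b).get(name)
    return oa, ob, oa is not None and oa == ob


def build_sample_libc(build: str, system_off: int) -> bytes:
    """Constructed stand-in for a libc.so.6 (NOT a real libc): a minimal ELF64
    carrying a version banner and a .dynsym with one `system` symbol."""
    banner = f"GNU C Library ({build}) stable release version 2.36.\n".encode()
    dynstr = b"\0system\0"
    dynsym = struct.pack("<IBBHQQ", 0, 0, 0, 0, 0, 0)                        # null symbol
    dynsym += struct.pack("<IBBHQQ", 1, (2 << 4) | 2, 0, 16, system_off, 45)  # WEAK FUNC
    banner_off = 64
    dynstr_off = banner_off + len(banner)
    dynsym_off = dynstr_off + len(dynstr)
    shoff = (dynsym_off + len(dynsym) + 7) & ~7
    pad = b"\0" * (shoff - dynsym_off - len(dynsym))

    def shdr(sh_type, off, size, link, entsize):
        return struct.pack("<IIQQQQIIQQ", 0, sh_type, 0, 0, off, size, link, 0, 1, entsize)

    shdrs = shdr(0, 0, 0, 0, 0)                                # [0] null section
    shdrs += shdr(SHT_STRTAB, dynstr_off, len(dynstr), 0, 0)   # [1] .dynstr
    shdrs += shdr(SHT_DYNSYM, dynsym_off, len(dynsym), 1, 24)  # [2] .dynsym, link -> [1]
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8        # ELFCLASS64, little-endian
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, 0x3E, 1, 0, 0, shoff, 0,
                               64, 0, 0, 64, 3, 0)              # ET_DYN, EM_X86_64
    return ehdr + banner + dynstr + dynsym + pad + shdrs


if __name__ == "__main__":
    # Usage: python3 libc_check.py <libc_a> <libc_b> [symbol]
    paths, symbol = sys.argv[1:3], (sys.argv[3] if len(sys.argv) > 3 else "system")
    blobs = [open(p, "rb").read() for p in paths]
    for p, blob in zip(paths, blobs):
        print(f"{p}: banner={glibc_banner(blob)}")
    print(f"{symbol}: {compare_symbol(blobs[0], blobs[1], symbol)}")
```

Run it against the two real files (`python3 libc_check.py libc.so.6 newer.libc.so.6`) and the banner line tells you the exact Debian build string, so a 2.36-9+deb12u4 versus 2.36-9+deb12u9 mix-up shows up immediately; the compare line gives the same numbers the `readelf` output above shows, so a mismatch there (as with the Kali libc) rules out the libc before you start suspecting the heap.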

Get the .deb from debian.snapshot and then create a docker container with it. After that, pull the libc.so.6 ELF out of the docker container.

Try to skip the check for zlib.

A note to whoever flagged this, it was a humorous reaction to the difficulty of the box and I went on to root the box.