Official discussion thread for Cosy Casino. Please do not post any spoilers or big hints.
I’ve got an exploit working against this binary running in a representative environment (i.e. same version of libc, ld-linux-x86-64, libpthread etc) but it’s not working against the challenge server. The challenge server is also not behaving the same as the binary I’ve downloaded. E.g. the show_gems function doesn’t appear to be included (or working), as it never prints out your current total in the menu. E.g. I never get anything like this over the network connection:
[*] Current ?: [70]
However, the behaviour of the app shows that the gem count is maintained internally.
[EDIT] I was being stupid. The show_gems function outputs to STDERR, which explains why I’m not seeing it on the output from the challenge server (which is only displaying STDOUT).
1 Like
I’ve also got something working against a local version but can’t reproduce with server, and it’s not the behavior of show_gems printing to stderr. I’m getting to a point locally where I can send payload and receive at least a puts response to know that I’m executing and I get nothing back when I try to send it for real.
please DM to discuss
That was fun. Nice challenge!! Feel free to send me a DM if you need help
Can someone DM me plz for help? I can leak reliably, just can’t craft a payload successfully.
I know most of these posts are old ones, but maybe there is still someone working on this. I have everything figured out except how to leak a useful address. Need that in order to use the ROP gadgets. I have been through the code many times and just don’t see it. Any help or hints would be greatly appreciated. Thanks.
Could anyone give me a pointer on the necessary glibc files to execute the program? libpthread.so.0 was migrated to the main library file in newer versions, and older versions just don’t seem to be compatible. I also can’t find glibc 2.27 library files for debian, so i’m kinda stuck, as newer library versions crash when attempting the exploit.
Nevermind, figured it out. To anyone else, you can test your exploit against other libc versions like 2.24 or 2.28, as long as you set the interpreter and needed libraries with patchelf. Then just switch back once doing the exploit remote.
Just came across this thread and noticed it’s a bit old, but thought I’d join in the discussion. While I’m not sure about the specific challenges and content related to Cosy Casino, I wanted to offer my recommendation for this great online casino website.
They offer a wide variety of games and betting options, as well as bonuses and promotions to help you get started. It’s always important to gamble responsibly and only with money you can afford to lose, but it’s great to have options like this online casino available for some fun and potentially lucrative entertainment.
A casino that promises a snug and comfy gaming experience sounds like a great way to unwind after a long day. While I haven’t had the chance to dive into it myself, I’m intrigued by the concept. If you’re anything like me and enjoy exploring the world of online betting and gambling, don’t forget to check out RTP Live. It’s a platform I’ve had some good experiences with. Their wide range of options and user-friendly interface make it a solid choice. Has anyone had any memorable moments or discovered some hidden gems on this platform?