Official Hunting Discussion

Official discussion thread for Hunting. Please do not post any spoilers or big hints.

I got the flag leaking locally but it just segfaults on the remote side and I have no idea why :frowning:

Try to exit properly at the end of your “exploit”. I have done the challenge.

Hey @christrc, thanks for the tip, but locally I am exiting properly without causing any fault.

Can I PM you for help?

@travisjayday said:

Can I PM you for help?

Did you get the flag?

Can anyone help?

@MRWhiteCap no I haven’t. I’ve tested my exploit on various machines locally but the remote always just throws SIGSEGV. From my debugging, I figured the remote must do something strange with catching signals, preventing my “exploit” from hooking certain signal handlers properly. But I just don’t know how to debug it. Maybe there’s a different approach.

@travisjayday said:

Can I PM you for help?

Yes, if you want.

I’m almost there. Locally I found the pointer to the flag, but I fail to bring it to stdout. I always get exit code 31 when using the available method. Any hints, please?

Finally. Size matters…

I’ve been stuck on this one for a few days. Is there anyone still checking this whom I can ask in more detail about where I’m at, and who might be able to push me towards my next step?

Thanks @clubby789 for a good challenge. I went down the wrong signal path but found the bugger!

Quite a ride, got it in the end.

If somebody is asking why it works locally, try it on a 32-bit system. On mine (64-bit) it was not working, and a new VM did the trick for testing.

If you need help, reach out to me.

I just wonder whether it is a bug or part of the challenge that it calls non-executable memory on my Kali 2.31 libc? The challenge seems quite easy, but that is a bit weird.

Confirmed. This challenge does NOT work correctly on an x64 system, because memory regions are not executable. It is completely different for x32. Lost a lot of time searching for hidden tricks… :frowning:

It’s a crucial part of the challenge to find an old version of Linux, because that “spot” was intended to be executable. Which version of Linux to find? That’s your challenge to find out! My hint is, I couldn’t find any pre-canned stuff; I had to put some time into writing code once I found out what the objective is.