Official RopeTwo Discussion

Overthink · July 8, 2020, 3:03am

Got user

Insane box. Hardest one on HTB easily.

clubby789 · July 8, 2020, 10:12am

Easily the hardest box I’ve ever done (well, just user). Definitely worth the time and effort though.

okipower · July 10, 2020, 11:53pm

Wow… not even 10 roots yet.

Overthink · July 14, 2020, 10:02pm

Rooted Best box on htb.

TazWake · July 14, 2020, 10:48pm

@Overthink said:

Rooted Best box on htb.

Fantastic work.

clubby789 · July 15, 2020, 10:29pm

Definitely the hardest box I’ve ever done, but well worth the effort. Taught me something new at every stage.

pinnn · July 18, 2020, 8:31pm

Got a shell, go to next user…

pinnn · July 19, 2020, 5:08pm

Why ssh periodically don’t response? Anybody has something similar?
EDIT: Found problem.

pinnn · July 27, 2020, 4:51pm

I need help with second user part. Please PM me for discussing.

r4j · July 27, 2020, 6:39pm

Type your comment> @pinnn said:

I need help with second user part. Please PM me for discussing.

If you have queries, you can dm me on discord.

h0ps · August 23, 2020, 10:02pm

Hint for foothold and user:

If you know where things are going, you will find some resources online that are VERY similar to the solutions required to get to user.

HomeSen · August 24, 2020, 7:19am

@yb4Iym8f88 said:

For those who will need it and do not want to google a lot:
Debug symbols for kernel 5.0.0-38-generic (unsigned) are there https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa/+sourcepub/10775082/+listing-archive-extra
Do not know why they are not indexed by google properly.
Or you can just compile it from sources.

Thanks for sharing. My Google-fu probably failed me on finding those, and I was already about to try debugging without those (which caused quite some headache )

Zot · August 26, 2020, 7:47pm

Spoiler Removed

pinnn · September 1, 2020, 1:07pm

Got root! It was my first kernel exploit (i found two ways to exploit it) @R4J thanks!!
P.S. Where is the badge?!

HomeSen · September 1, 2020, 1:21pm

@pinnn said:

Got root! It was my first kernel exploit (i found two ways to exploit it) @R4J thanks!!
P.S. Where is the badge?!

Congrats. Still fighting with it, but I’m sure that I’m on a good path

The badge is expected to appear soon™ (at least, that’s what everyone got assured of, as long as the official Discord channel existed)

scentlxss · September 27, 2020, 10:58am

Can anybody give me a nut about how to get the leak (bypass the PIE) on the second part to get user?

scentlxss · September 29, 2020, 6:42pm

I am getting this error everytime: mismatching next->prev_size (unsorted), can someone help me sort it out?

harshHK · October 27, 2020, 6:47pm

User part is not hard.

harshHK · October 27, 2020, 6:48pm

Type your comment> @HKHK said:

User part is not hard.

Will try getting root now

sebiV · October 27, 2020, 9:46pm

I’ve compiled the program and set a breakpoint on the new function.

It hard crashes with

Thread 1 "**" received signal SIGILL, Illegal instruction.

as soon as it is hit, Is this intentional or have I screwed up on the compilation stage

Topic		Replies	Views
Official SneakyMailer Discussion Machines	327	36007	November 26, 2020
Official Download Discussion Machines	151	6628	October 29, 2023
Official Horizontall Discussion Machines	173	24726	August 1, 2023
Official Bucket Discussion Machines	265	35325	April 22, 2021
Official ScriptKiddie Discussion Machines	451	64333	June 8, 2021

Official RopeTwo Discussion

Related topics