@sebiV said:
I’ve compiled the program and set a breakpoint on the new function.
It hard crashes with
Thread 1 "**" received signal SIGILL, Illegal instruction.as soon as it is hit, Is this intentional or have I screwed up on the compilation stage
Can you please be more specific? What program did you compile?
Hi. I have a shell to the machine. can someone five me a nudge for user?
Type your comment> @HomeSen said:
@sebiV said:
(Quote)
Can you please be more specific? What program did you compile?
I’ve private messaged for fear of writing of spoilers
@f1x1t1x1f said:
Hi. I have a shell to the machine. can someone five me a nudge for user?
The common privilege escalation scripts should guide you the way to what to investigate next 
Type your comment> @HomeSen said:
@f1x1t1x1f said:
Hi. I have a shell to the machine. can someone five me a nudge for user?
The common privilege escalation scripts should guide you the way to what to investigate next
OK, then I have to look deeper.
Does anyone know, if and when a badge will be released for this machine? I mean, it went live almost 5 months ago 
@HomeSen said:
Does anyone know, if and when a badge will be released for this machine? I mean, it went live almost 5 months ago
Fun fact about this box - because it is so hard, we can be 100% certain that no more than 34 people have made it to Omniscient rank on HTB since 27 June 2020.
I really feel that getting to 100% ownership is orders of magnitude harder than it was merely 12 months ago. The knock-on effect is that Guru and Elite Hacker are also a lot harder (because getting to 90% ownership when a box and a challenge change every week is painful).
Hopefully this will be taken on-board by the hiring managers, recruiters etc., who seem to be using HTB ranks as a hiring/promotion rule.
I’ve probably missed something obvious for the initial foothold. I’ve spotted the vuln in the repo and know the general direction to exploit it. The only problem is it’s a client-side vuln. How exactly am I supposed to obtain an RCE from it?
Check the other port. It will allow you to “deliver” your payload.
Type your comment> @HomeSen said:
Check the other port. It will allow you to “deliver” your payload.
Thanks for the tip.
I got user…
Thanks to @HomeSen for hints and supports 
rooted \o/
If someone with a better knowledge of a linux kernel has time to chat, let me know. Still don’t get why some tricks didn’t work as they should.
Type your comment> @HomeSen said:
@pinnn said:
Got root! It was my first kernel exploit (i found two ways to exploit it) @R4J thanks!!
P.S. Where is the badge?!Congrats. Still fighting with it, but I’m sure that I’m on a good path
The badge is expected to appear soon™
There should be three badges for this box: foothold, user and root! ?
I’m kind of stuck again for user. I managed to land an arbitrary write but I can’t find a way to leak an address. Any hint would be appreciated.
EDIT: Nevermind. even if I can’t “read” an address directly, I can still modify it.
I’ve rooted it.
Thanks @r4j for amasing box and @HomeSen and @smrtptr for valuable hints and nuges.
If I could give respect several time, I’d have done it to @HomeSen for hints 
and to @r4j for box. I spent several month for it and many time felt how my brain was crashing.
This box will finally retire later today. It will be interesting to see the write ups and they are pretty much the only way I will ever manage to root it!
Well done to everyone who rooted this box.
@TazWake said:
This box will finally retire later today. It will be interesting to see the write ups and they are pretty much the only way I will ever manage to root it!
Well done to everyone who rooted this box.
@HomeSen said:
@TazWake said:
This box will finally retire later today. It will be interesting to see the write ups and they are pretty much the only way I will ever manage to root it!
Well done to everyone who rooted this box.
Thats an awesome write up! Amazing work to root the box. I think - even with the write up - I would struggle!
Thank you so much for sharing.
Thanks.
I usually add more details to my write-ups, but I somewhat never managed to prepare the one for RopeTwo. And now I was caught on a pretty short notice on Friday evening that the box will get retired on Saturday
@HomeSen said:
Thanks.
I usually add more details to my write-ups, but I somewhat never managed to prepare the one for RopeTwo. And now I was caught on a pretty short notice on Friday evening that the box will get retired on Saturday
It is still awesome!
Have I gone blind or is there still no Ippsec video or official walkthrough for this?