Official Space pirate: Retribution Discussion

Official discussion thread for Space pirate: Retribution. Please do not post any spoilers or big hints.

Hi everybody,

I’m stuck in this challenge. I think I have found the vulnerability but now I don’t know how to proceed. Any hint would be greatly apreciated.

Thanks in advance

To develop the exploit for the vulnerability, I used the excellent toolkit in Python p******s. You can find the toolkit and the used technique by web searches.

Thanks @xtal. I think my explanation was erroneus in the last post. (I don’t want to reveal any info about the challenge)
In other words, as a first step to solve the challenge I discover the vulnerability but now I don’t know how to exploit it. I think I need to leak some data to know something related to libc but I don’t see how.

A bit of light here would be great.
Thanks in advance

You have the same thought as I. Because you found the vulnerability I am very sure you have seen the leak. May be you have not not yet recognized the leak or not recognized the possibilities of the leak you have seen.

1 Like

Thank you @xtal.
I will look more carefully and I will open my eyes as much as possible.


Now this is retired here is my write-up However, I will urge you to not look at my pwntools script without understanding my explanation of the exploit first.