Official Space pirate: Retribution Discussion

Official discussion thread for Space pirate: Retribution. Please do not post any spoilers or big hints.

Hi everybody,

I’m stuck in this challenge. I think I have found the vulnerability but now I don’t know how to proceed. Any hint would be greatly appreciated.

Thanks in advance

To develop the exploit for the vulnerability, I used the excellent toolkit in Python p******s. You can find the toolkit and the used technique by web searches.

Thanks @xtal. I think my explanation was erroneous in the last post. (I don’t want to reveal any info about the challenge.)
In other words, as a first step to solve the challenge I discovered the vulnerability but now I don’t know how to exploit it. I think I need to leak some data to know something related to libc but I don’t see how.

A bit of light here would be great.
Thanks in advance

You have the same thought as I. Because you found the vulnerability, I am very sure you have seen the leak. Maybe you have not yet recognized the leak or not recognized the possibilities of the leak you have seen.

Thank you @xtal.
I will look more carefully and I will open my eyes as much as possible.

Regards

Now that this is retired, here is my write-up: https://www.kissprogramming.com/?deadbeef=write-up&cafebebe=Space%20pirate:%20Retribution. However, I will urge you to not look at my pwntools script without understanding my explanation of the exploit first.