Pwn Challenges

Going to show my noob-ness here, but…

What exactly are we trying to achieve with the pwn challenges? To take the “Little Tommy” challenge as an example, there is a download and there is an instance, but I don’t see how the two are related.

Quite happy to go read and learn and all that, but in what direction should I be looking to start digging into these?

Many thanks

Pwn challenges are about binary exploitation. In those challenges you are given a vulnerable binary which you can analyse locally and try to spawn a shell from. The main goal is to be able to spawn a shell remotely (hence the instance). To accomplish those challenges, you had better have a look at stack/heap overflows and binary exploitation in general.

Interesting. This is definitely a new avenue for me. Time to hit Dr Google.

Thank you for the succinct response @game0ver. Appreciated. :+1:

Try starting with something like the Protostar VM from Exploit Exercises; by checking some writeups you will get the basics… and when you know the basics, ROP Emporium is also very interesting!

Wow… There are some great-looking bits over there. Adds more exploit-exercises to the training list

I love this stuff. The more you learn, the more you find that there is sooooo much more that you don’t know.

Thanks @ompamo :+1:

@CtrlEsc said:
Wow… There are some great-looking bits over there. Adds more exploit-exercises to the training list

I love this stuff. The more you learn, the more you find that there is sooooo much more that you don’t know.

Thanks @ompamo :+1:

Love that!

Oh well, I know how to exploit Little_tommy; however, I already ran dirb against the instance and I can't find any interesting files or folders. Can someone PM me about this challenge?

@spade said:
Oh well, I know how to exploit Little_tommy; however, I already ran dirb against the instance and I can't find any interesting files or folders. Can someone PM me about this challenge?

Why are you using dirb? You need to do binary exploitation dummy, not web.

hey @daviddadj, PM?

Kind of weird. I somehow missed the binary download originally and thought these challenges were super tough because I needed to exploit them without any knowledge of the code :slight_smile:

Well, anyway, I found the flaw in Little Tommy and could successfully exploit it locally, but the started instance doesn't seem to function properly.

Sorry for bumping this, just curious @CtrlEsc were you able to solve this as of today?

I need a little pointer… would running GDB and checking the downloaded file get me somewhere?

How do you guys know what type of file that is? Copy it to a Linux/Kali VM?

I solved it today. Disassemble it, understand how it works, and you should know what to feed it.
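Before disassembling anything, the first local step is to establish what the downloaded file actually is (32- or 64-bit, which architecture, and which mitigations are on), which is what the questions above about the file type are really asking. The following is an added example, not code from the thread or from the challenge: a header-only ELF triage in pure Python that reports what `file` and `checksec` would. The three sample images are constructed in the script itself; they are not the Little Tommy binary.

```python
"""Quick ELF triage in pure Python (struct only): what kind of binary is this?

Added example, not from the thread. It reads the ELF header and program headers
to report bitness, endianness, architecture, PIE, NX and a RELRO hint; the
sample inputs below are constructed header-only ELF images, not the challenge.
"""
import struct
import sys

PT_GNU_STACK = 0x6474E551   # program header describing stack permissions
PT_GNU_RELRO = 0x6474E552   # program header marking the read-only-after-reloc region
PF_X = 0x1                  # execute permission bit in p_flags
ET_EXEC, ET_DYN = 2, 3
MACHINES = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}


def triage(data: bytes) -> dict:
    """Return the facts you would otherwise get from `file` and `checksec`."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    bits = {1: 32, 2: 64}[data[4]]          # EI_CLASS
    end = {1: "<", 2: ">"}[data[5]]         # EI_DATA
    e_type, e_machine = struct.unpack_from(end + "HH", data, 16)
    if bits == 64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
        flags_off = 4                        # p_flags follows p_type in Elf64_Phdr
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
        flags_off = 24                       # p_flags sits near the end of Elf32_Phdr
    stack_flags, relro = None, False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from(end + "I", data, off)
        (p_flags,) = struct.unpack_from(end + "I", data, off + flags_off)
        if p_type == PT_GNU_STACK:
            stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            relro = True
    return {
        "bits": bits,
        "endian": "little" if end == "<" else "big",
        "arch": MACHINES.get(e_machine, hex(e_machine)),
        # ET_DYN with an entry point is a PIE (shared libraries are ET_DYN too).
        "pie": e_type == ET_DYN,
        # No PT_GNU_STACK at all means the kernel gives an executable stack.
        "nx": stack_flags is not None and not (stack_flags & PF_X),
        # Full vs partial RELRO also needs DT_BIND_NOW from the dynamic section,
        # which this header-only pass does not read.
        "relro": "partial or full" if relro else "none",
    }


def make_elf(bits, e_type, machine, stack_flags=None, relro=False, end="<"):
    """Constructed header-only ELF image for testing (no code, no sections)."""
    phdrs = []
    if stack_flags is not None:
        phdrs.append((PT_GNU_STACK, stack_flags))
    if relro:
        phdrs.append((PT_GNU_RELRO, 0x4))
    ei_data = 1 if end == "<" else 2
    if bits == 64:
        ehsize, phentsize = 64, 56
        ident = b"\x7fELF" + bytes([2, ei_data, 1, 0]) + b"\0" * 8
        hdr = struct.pack(end + "HHIQQQIHHHHHH", e_type, machine, 1, 0, ehsize, 0, 0,
                          ehsize, phentsize, len(phdrs), 0, 0, 0)
        body = b"".join(struct.pack(end + "IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    else:
        ehsize, phentsize = 52, 32
        ident = b"\x7fELF" + bytes([1, ei_data, 1, 0]) + b"\0" * 8
        hdr = struct.pack(end + "HHIIIIIHHHHHH", e_type, machine, 1, 0, ehsize, 0, 0,
                          ehsize, phentsize, len(phdrs), 0, 0, 0)
        body = b"".join(struct.pack(end + "IIIIIIII", t, 0, 0, 0, 0, 0, f, 0) for t, f in phdrs)
    return ident + hdr + body


# Three constructed samples: a hardened PIE, an old-style 32-bit binary with an
# executable stack, and a binary with no PT_GNU_STACK header at all.
SAMPLES = {
    "pie_nx": make_elf(64, ET_DYN, 0x3E, stack_flags=0x6),
    "exec_rwx_stack": make_elf(32, ET_EXEC, 0x03, stack_flags=0x7, relro=True),
    "no_gnu_stack": make_elf(64, ET_EXEC, 0x3E),
}

if __name__ == "__main__":
    # Usage: python3 triage.py ./downloaded_binary   (no argument: run the samples)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(triage(f.read()))
    else:
        for name, img in SAMPLES.items():
            print(name, triage(img))
```

The output tells you which debugger and disassembler settings to use (32 vs 64-bit, architecture) and which exploitation routes are open: an executable stack or missing PIE changes the approach considerably compared with a fully hardened binary.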

@jseg thanks for the hint

I roughly know what I don't know now… working on easier binary challenges at root-me first…

So I was also able to exploit it locally, but now it gives me an error: “flag: no such file or directory”. How can I get it to read the remote flag file?

Hi ! I would like a bit of help for Little Tommy. I don’t want to spoil anything so if someone could PM me… Thx :slight_smile:

Hi! I managed to find the vulnerability and exploit it. However, there are some details that I don't quite fully understand. Can someone at ease with heap mechanisms PM me to clear some stuff up in my mind? :slight_smile:

Hello! I am new to reverse engineering, but I managed to get close to the end. However, when I use the “print flag” command it says “/bin/cat flag, no such file or directory”. Could anyone shed some light? I do not want the answer, just the point I am not seeing.

You can read and study the binary, for example, with IDA and run it with the EDB debugger. To exploit it, you'll have to start an instance (same place where the source is) and connect to the given IP and port, for example, with PuTTY or netcat.

disclaimer: I have not been able to get the flag.

Taking a look at these, sorry to revive a long dead thread, but how do I connect to the docker instance in order to exploit the port? docker.hackthebox.eu

Nice challenge! My hints would be: watch out for rabbit holes (I seem to always waste time with them); the solution is right in your face. :slight_smile:

Focus on exploiting it locally first and then go for the remote instance (using nc, PuTTY or the like…).