Hello, I’ve been struggling for a week now… and I can’t seem to find an answer, tried to think out of the box tho. Maybe I’m still @ the matrix.
The thing is I’m trying the last challenge of the HTB academy :
'Read the file “/root/flag.txt” and submit the content as the answer. ’
In the whole tutorial, we can see we can abuse a stack-based overflow in order to spawn a reverse shell for example. But does not regard anything about privilege escalation.
In the exercise it’s said:
After our research, we found out that these messages are stored in "/htb-student/msg.txt," which is binary owned by the user root, and the SUID bit is set.
Although /htb-student/msg.txt has no SUID bit nor is root-owned…
Anyway, the approach I have tried is to obtain some other shellcode (for linux 32 bits) from : http://shell-storm.org.
But I got no luck… I don’t know how can I get to the flag and my light of hope is slowly fading out… someone can give me a light? Or shall i cry in this dark dark room?