Stack Buffer Overflow - HTB Academy Module

Hi everybody,

I’m following the Stack Buffer Overflow module in HTB Academy, it’s a good module for the beginner like me.
Currently, I’m able to win an access to my target with my exploit.
The problem is that I’m just the “user” of the machine and not the root. In fact, after start my exploit in GDB, I check my Netcat part and when I have won the access and I check the ID, I just have the name of the user (htb-student…).
Now, I don’t really know if I have correctly analysed the leave_msg programm or if I must to do a privilege escalation with other skills.

Thanks to have payed attention on my informations request.

Hi, Same here, have you solved it? are you able to please guide me, if you did or anyone please

Hi, not really… somebody said me that I have to overflow outside of GDB.

thank you for your response, appreciate it. yesterday, after thinking about it, I did try run the same python command with Shell code and return address, however I kept on getting core dump and no connect in the NC…I will try again today

So I ran that whole payload (python -c one) command under `(backticks)…any other hints?

Hey! I’ve already solved it. The problem is with GDB. This command what you constructed to attack, you must run over the GDB, bcs GDB block your root access. So just type quit in GDB and run it in ssh terminal what you loged in in this task but use ./name of program instead of run and use ` (that quotes in ‘~’ key i dont know why but “…” does not work, maybe you know this?) instead of $(…)

yes, thank you so much for your response, I was finally able to dabble too with what you have mentioned, using $() command subs. thanks again for the pointers, appreciate it.

@szymonr211 said:
Hey! I’ve already solved it. The problem is with GDB. This command what you constructed to attack, you must run over the GDB, bcs GDB block your root access. So just type quit in GDB and run it in ssh terminal what you loged in in this task but use ./name of program instead of run and use ` (that quotes in ‘~’ key i dont know why but “…” does not work, maybe you know this?) instead of $(…)

Thank you

@HackyBoomer63 said:
Hi, not really… somebody said me that I have to overflow outside of GDB.

Thank you

Thank you for your hint ! It’s work

hi, somebody gimme a hint, i can’t listen in nc

Hi folks! I’m struggling with the questions 1 and 3. I’ve tried so many answers, but no one is the right one. Any hint?

Type your comment> @vfina said:

Hi folks! I’m struggling with the questions 1 and 3. I’ve tried so many answers, but no one is the right one. Any hint?

search in forum, the answers its there

@felipe said:

Type your comment> @vfina said:

Hi folks! I’m struggling with the questions 1 and 3. I’ve tried so many answers, but no one is the right one. Any hint?

search in forum, the answers its there

Thanks for the response! I know the leave_msg is an ELF for a 32 bit architecture, but it does not seem the correct answer! I’ve correctly answered question 3, but the 1 one is going to make me so mad

Type your comment> @vfina said:

@felipe said:

Type your comment> @vfina said:

Hi folks! I’m struggling with the questions 1 and 3. I’ve tried so many answers, but no one is the right one. Any hint?

search in forum, the answers its there

Thanks for the response! I know the leave_msg is an ELF for a 32 bit architecture, but it does not seem the correct answer! I’ve correctly answered question 3, but the 1 one is going to make me so mad

try different ways to write the answer, you way it’s ok

hello, i have some problems running gbd…

the errors that i get are:
./sysdeps/unix/sysv/linux/read.c: No such file or directory.
~/.gef-54e93efd89ec59e5d178fbbeda1fed890098d18d.py:2425: DeprecationWarning: invalid escape sequence ‘\A’

does somebody know how to fix this?