Possibly Related Threads…

x1rx · Sep 06, 2024, 02:29 AM

Let's discuss the pwn challenge

macavitysworld · Sep 06, 2024, 04:12 PM

(Sep 06, 2024, 02:29 AM)x1rx Wrote: Let's discuss the pwn challenge

I haven't completed the exploit part, but this should lead you; Leak heap → leak libc → off-by-one overwrite → brute-force stack alignment → return to libc → get the flag.

Axura · (This post was last modified: Sep 07, 2024, 03:51 AM by Axura.)

http://4xura.com/wp-content/uploads/2024...bf_all.jpg

These hints should be enough to show you the path finishing the exploit part. Enjoy

macavitysworld · Sep 07, 2024, 06:19 AM

(Sep 07, 2024, 03:28 AM)Axura Wrote:
http://4xura.com/wp-content/uploads/2024...bf_all.jpg

These hints should be enough to show you the path finishing the exploit part. Enjoy

My instance always gets fcked up! lol Smile

x1rx · (This post was last modified: Sep 12, 2024, 05:33 PM by x1rx.)

1 - heap leak
2 - libc leak
3 - rbp leak
4 - stack pivot --> new rbp with off by null
5 - rop chain
6 - hijack execution flow

All steps are done and I got the flag(while loop) but my script is unstable . When I use off by null and pivoting on stack , process crashes .

What am I missing? any hint

liruokemx · (This post was last modified: Mar 05, 2025, 09:09 AM by liruokemx.)

exp.py

Hidden Content

You must register or login to view this content.

NoobMaster669 · Mar 12, 2025, 06:06 AM

this is a good initiative will like to see this
will appreciate if got it free

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	369	91,625	1 hour ago Last Post: sabbyahmed
	[FREE] HackTheBox All Cheatsheets	Tamarisk	2	333	9 hours ago Last Post: hibreackignos
	CBBH Write Ups	hiddenhacker	22	6,196	11 hours ago Last Post: Usercomplex
	[MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot	htb-bot	86	7,777	Yesterday, 11:39 PM Last Post: my4ri0d0
	rev_dudidudida	cavour13	1	246	Yesterday, 12:25 AM Last Post: 0xcreep