HTB - Scanner (Challenge)
by x1rx - Friday September 6, 2024 at 02:29 AM
#1
Let's discuss the pwn challenge
#2
(Sep 06, 2024, 02:29 AM)x1rx Wrote: Let's discuss the pwn challenge

I haven't completed the exploit part, but this should lead you; Leak heap → leak libc → off-by-one overwrite → brute-force stack alignment → return to libc → get the flag.
Thanks @paw for the rank!!
#3
[Image: dwM3f8B.png]
http://4xura.com/wp-content/uploads/2024...bf_all.jpg

These hints should be enough to show you the path finishing the exploit part. Enjoy
#4
(Sep 07, 2024, 03:28 AM)Axura Wrote: [Image: dwM3f8B.png]
http://4xura.com/wp-content/uploads/2024...bf_all.jpg

These hints should be enough to show you the path finishing the exploit part. Enjoy

My instance always gets fcked up! lol
Thanks @paw for the rank!!
#5
1 - heap leak
2 - libc leak
3 - rbp leak
4 - stack pivot --> new rbp with off by null
5 - rop chain
6 - hijack execution flow

All steps are done and I got the flag (while loop), but my script is unstable. When I use off by null and pivoting on stack, the process crashes.

What am I missing? Any hint?
#6
exp.py
#7
This is a good initiative, would like to see this.
Would appreciate it if I got it free.