(Continued from RIP my bof)
Can you also get a shell? The flag is at /flag2.txt.
Hint: you do not need libc for this challenge.
nc thekidofarcrania.com 4902
11 months ago
where is the .c file + ASLR is enabled
1 year ago
Could someone please provide a hint for a solution that is not based on return-to-libc? I managed to solve the previous two BoFs.
omfg...i finally got it to work! no ret2libc...this has taken me months of running down rabbit holes with ROP and return to libc. props on this one dude 5/5!
Is NX turned on? Because I know damn well I solved it but it's not Re2myShell
Yes, NX is turned on. If you have installed pwntools, it comes with a checksec binary which will show you what the ELF file is and if it has any protections turned on.
2 years ago
well i started this like 5 days ago with no idea what ROP was and barely any understanding of how stacks or assembly or elf worked, and ended up solving it without libc and learning a ridiculous amount of great stuff. thanks!
Any hint on how I can execute shellcode :(( The pointer address is constantly changing
How can I find the system and /bin/sh address of the server?
3 years ago
This was supposed to be easy, I mean hard :3. Wasted about 1 hour. But worth it
congrats to the first blood tho :)
I solved this task. I would like to know how you managed to compile the program so that the memory address is unchanged. If you open "server" in IDA, the start address = 0x08048000. When I compile my task, the start address = 0, but when debugging it is constantly changing. I have not found any articles describing this problem. FROM RUSSIA WITH LOVE))
It worked on my local machine. Idk why it did not in your netcat
libc on your machine isn't the same as libc on the server
I can't get nc to not use UTF-8
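The NX status that checksec reports and the fixed 0x08048000 versus 0 start address raised in the comments both come from ELF header fields. The following is an added example, not part of the challenge or of any comment above: it reads `e_type` (ET_EXEC is linked at a fixed address, ET_DYN is position-independent and gets relocated by ASLR) and the `PT_GNU_STACK` flags from two constructed 32-bit header images. The names `inspect_elf32` and `build_sample` are hypothetical, and the sample bytes are constructed, not taken from the challenge binary.

```python
import struct

ET_EXEC, ET_DYN = 2, 3                  # e_type values
PT_LOAD, PT_GNU_STACK = 1, 0x6474E551   # p_type values
PF_X = 1                                # executable segment flag

EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # Elf32_Ehdr, 52 bytes
PHDR = struct.Struct("<8I")                # Elf32_Phdr, 32 bytes


def inspect_elf32(data):
    """Return NX/PIE status and lowest PT_LOAD address of a 32-bit LE ELF."""
    if data[:4] != b"\x7fELF" or data[4] != 1 or data[5] != 1:
        raise ValueError("not a 32-bit little-endian ELF")
    hdr = EHDR.unpack_from(data)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    # Conservative assumption: without PT_GNU_STACK the stack counts as executable.
    nx, base = False, None
    for i in range(e_phnum):
        ph = PHDR.unpack_from(data, e_phoff + i * e_phentsize)
        p_type, p_vaddr, p_flags = ph[0], ph[2], ph[6]
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
        elif p_type == PT_LOAD:
            base = p_vaddr if base is None else min(base, p_vaddr)
    # ET_DYN is also used for shared objects; for an executable it means PIE.
    return {"nx": nx, "pie": e_type == ET_DYN, "base": base}


def build_sample(e_type, load_vaddr, stack_flags):
    """Constructed header-only ELF32 image (NOT the challenge binary)."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = EHDR.pack(ident, e_type, 3, 1, load_vaddr, 52, 0, 0, 52, 32, 2, 0, 0, 0)
    load = PHDR.pack(PT_LOAD, 0, load_vaddr, load_vaddr, 116, 116, 5, 0x1000)
    stack = PHDR.pack(PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 0x10)
    return ehdr + load + stack


if __name__ == "__main__":
    samples = {
        "fixed base, NX stack": build_sample(ET_EXEC, 0x08048000, 6),  # RW-
        "PIE, executable stack": build_sample(ET_DYN, 0, 7),           # RWX
    }
    for name, blob in samples.items():
        info = inspect_elf32(blob)
        print(f"{name}: NX={info['nx']} PIE={info['pie']} base={info['base']:#010x}")
```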