Shell time!
40 points Medium

(Continued from RIP my bof)

Can you also get a shell? The flag is at /flag2.txt.

Hint: you do not need libc for this challenge.

nc thekidofarcrania.com 4902

Flag
Rating 4.80
5
4
3
2
1

Discussion

where is the .c file + aslar is enabled

0

Could someone please provide a hint for a solution that is not based on return-to-libc? I managed to solve the previous two BoFs.

0

omfg...i finally got it to work! no ret2libc...this has taken me months of running down rabbit holes with ROP and return to libc. props on this one dude 5/5!

0

is NX Turned on ? BeCause i know Damn well i Solved it but it's not Re2myShell

1

yes nx is turned on. if you have install pwntools it comes with checksec binary which will show you what the elf file is and if it had any protections turned on

0
Protected
2

well i started this like 5 days ago with no idea what ROP was and barely any understanding of how stacks or assembly or elf worked, and ended up solving it without libc and learning a ridiculous amount of great stuff. thanks!

1

nice chall

0

Any hint on how can I execute shellcode :(( The pointer address is constantly changing

0

How can I find the system and /bin/sh address of the server?

0

I can't get nc to not use UTF-8

1