[terobau]

use /usr/bin/rshell to escalate to r4j

nice, a restricted shell. But how to escape ?

use google and there is a website that has the enough documentation about this shell and how do  they work

It's not a restricted shell that you are thinking, download the binary and reverse it.....
It has got UAF

[Consigliere]

RopeTwo user and easy root:

[Hidden Content]

zip file password protected!!!
What is the password?

[D0v3]

RopeTwo user and easy root:

[Hidden Content]

zip file password protected!!!
What is the password?

root hash

[Consigliere]

RopeTwo user and easy root:

[Hidden Content]

zip file password protected!!!
What is the password?

root hash

Ok....so you sell a password protected zip file without password..........

[teksius]

use /usr/bin/rshell to escalate to r4j

nice, a restricted shell. But how to escape ?

use google and there is a website that has the enough documentation about this shell and how do  they work

It's not a restricted shell that you are thinking, download the binary and reverse it.....
It has got UAF

Hi!
Could you explain the UAF please?
I need to play with the size of files somehow?

[0xvijay]

Guys anyone got user please give that heap exploit.

[terobau]

use /usr/bin/rshell to escalate to r4j

nice, a restricted shell. But how to escape ?

use google and there is a website that has the enough documentation about this shell and how do  they work

It's not a restricted shell that you are thinking, download the binary and reverse it.....
It has got UAF

Hi!
Could you explain the UAF please?
I need to play with the size of files somehow?

add a file
then edit it while editing it pass size 0, now the chunk should be freed but you still have access to that chunk pointer

---

Guys anyone got user please give that heap exploit.

i can give you exploit, but not for free

[0xvijay]

nice, a restricted shell. But how to escape ?

use google and there is a website that has the enough documentation about this shell and how do  they work

It's not a restricted shell that you are thinking, download the binary and reverse it.....
It has got UAF

Hi!
Could you explain the UAF please?
I need to play with the size of files somehow?

add a file
then edit it while editing it pass size 0, now the chunk should be freed but you still have access to that chunk pointer

---

Guys anyone got user please give that heap exploit.

i can give you exploit, but not for free

PM me i cant pm you

[0xvijay]

anyone have idea to get user or root?

[helloclarice]

damn son ... rope 2

hats off to u !!!

;-)

[esh_din1]

Any updates on user part....?

[teksius]

[quote="terobau" pid='3026089' dateline='1604335626']
[quote="dory23" pid='3026004' dateline='1604334454']

use google and there is a website that has the enough documentation about this shell and how do  they work

It's not a restricted shell that you are thinking, download the binary and reverse it.....
It has got UAF

Hi!
Could you explain the UAF please?
I need to play with the size of files somehow?

add a file
then edit it while editing it pass size 0, now the chunk should be freed but you still have access to that chunk pointer

---

Ok, thank you! but how to leak libc address?  Could you give a nudge please?