TUTORIAL RopeTwo
by terobau - October 27, 2020 at 04:48 PM
Thread Closed 
GOD User
GOD Upgraded Member
Posts 111
Threads 23
Joined Jun 2019
Reputation 82
2 Years of service

Achieve 1 month of online time.
#13
November 04, 2020 at 04:53 AM This post was last modified: November 04, 2020 at 06:08 AM by Consigliere.
(November 04, 2020 at 04:51 AM)D0v3 Wrote:
(November 04, 2020 at 04:50 AM)Consigliere Wrote:
(November 04, 2020 at 02:16 AM)D0v3 Wrote: RopeTwo user and easy root:

[Hidden Content]

zip file password protected!!!
What is the password?

root hash
Ok....so you sell a password protected zip file without password..........
V.I.P User
VIP Upgraded Member
Posts 20
Threads 1
Joined Jul 2020
Reputation 1
1 Year of service

#14
November 16, 2020 at 11:57 AM
(November 02, 2020 at 05:47 PM)terobau Wrote:
(November 02, 2020 at 05:27 PM)dory23 Wrote:
(November 02, 2020 at 04:55 PM)mandoline Wrote:
(November 02, 2020 at 03:53 PM)dory23 Wrote: use /usr/bin/rshell to escalate to r4j


nice, a restricted shell. But how to escape ?

use google and there is a website that has the enough documentation about this shell and how do  they work

It's not a restricted shell that you are thinking, download the binary and reverse it.....
It has got UAF
Hi!
Could you explain the UAF please?
I need to play with the size of files somehow?
Elite User
Posts 100
Threads 17
Joined Nov 2020
Reputation 55
#15
November 16, 2020 at 12:42 PM
Guys anyone got user please give that heap exploit.
New User
Member
Posts 13
Threads 2
Joined Apr 2020
Reputation 24
1 Year of service
#16
November 16, 2020 at 01:39 PM This post was last modified: November 16, 2020 at 01:40 PM by terobau.
(November 16, 2020 at 11:57 AM)teksius Wrote:
(November 02, 2020 at 05:47 PM)terobau Wrote:
(November 02, 2020 at 05:27 PM)dory23 Wrote:
(November 02, 2020 at 04:55 PM)mandoline Wrote:
(November 02, 2020 at 03:53 PM)dory23 Wrote: use /usr/bin/rshell to escalate to r4j


nice, a restricted shell. But how to escape ?

use google and there is a website that has the enough documentation about this shell and how do  they work

It's not a restricted shell that you are thinking, download the binary and reverse it.....
It has got UAF
Hi!
Could you explain the UAF please?
I need to play with the size of files somehow?

add a file
then edit it while editing it pass size 0, now the chunk should be freed but you still have access to that chunk pointer
(November 16, 2020 at 12:42 PM)0xvijay Wrote: Guys anyone got user please give that heap exploit.
i can give you exploit, but not for free
Elite User
Posts 100
Threads 17
Joined Nov 2020
Reputation 55
#17
November 17, 2020 at 06:48 AM
(November 16, 2020 at 01:39 PM)terobau Wrote:
(November 16, 2020 at 11:57 AM)teksius Wrote:
(November 02, 2020 at 05:47 PM)terobau Wrote:
(November 02, 2020 at 05:27 PM)dory23 Wrote:
(November 02, 2020 at 04:55 PM)mandoline Wrote: nice, a restricted shell. But how to escape ?

use google and there is a website that has the enough documentation about this shell and how do  they work

It's not a restricted shell that you are thinking, download the binary and reverse it.....
It has got UAF
Hi!
Could you explain the UAF please?
I need to play with the size of files somehow?

add a file
then edit it while editing it pass size 0, now the chunk should be freed but you still have access to that chunk pointer
(November 16, 2020 at 12:42 PM)0xvijay Wrote: Guys anyone got user please give that heap exploit.
i can give you exploit, but not for free

PM me i cant pm you
Elite User
Posts 100
Threads 17
Joined Nov 2020
Reputation 55
#18
November 20, 2020 at 04:14 AM
anyone have idea to get user or root?
Advanced User
Posts 95
Threads 9
Joined Apr 2020
Reputation 65
1 Year of service
#19
November 20, 2020 at 08:16 PM
damn son ... rope 2

hats off to u !!!

;-)
New User
Member
Posts 34
Threads 9
Joined Apr 2020
Reputation 43
1 Year of service
#20
November 24, 2020 at 07:53 AM
Any updates on user part....?
V.I.P User
VIP Upgraded Member
Posts 20
Threads 1
Joined Jul 2020
Reputation 1
1 Year of service

#21
December 01, 2020 at 10:19 PM
(November 17, 2020 at 06:48 AM)0xvijay Wrote:
(November 16, 2020 at 01:39 PM)terobau Wrote:
(November 16, 2020 at 11:57 AM)teksius Wrote: [quote="terobau" pid='3026089' dateline='1604335626']
[quote="dory23" pid='3026004' dateline='1604334454']

use google and there is a website that has the enough documentation about this shell and how do  they work

It's not a restricted shell that you are thinking, download the binary and reverse it.....
It has got UAF
Hi!
Could you explain the UAF please?
I need to play with the size of files somehow?

add a file
then edit it while editing it pass size 0, now the chunk should be freed but you still have access to that chunk pointer

Ok, thank you! but how to leak libc address?  Could you give a nudge please?

Possibly Related Threads…
Thread Author Replies Views Last Post
FLAG RopeTwo hehe6873 0 470 April 02, 2021 at 05:25 AM
Last Post: hehe6873
BUYING ROPETWO ROOT HASH (Buying) 0xvijay 18 2,834 January 11, 2021 at 04:39 AM
Last Post: nero007
TUTORIAL RopeTwo Doop3r 20 3,682 January 01, 2021 at 09:17 PM
Last Post: Buttmuncher

 Users browsing this thread: 1 Guest(s)