November 02, 2020 at 05:47 PM
(November 02, 2020 at 05:27 PM)dory23 Wrote: (November 02, 2020 at 04:55 PM)mandoline Wrote: (November 02, 2020 at 03:53 PM)dory23 Wrote: use /usr/bin/rshell to escalate to r4j
nice, a restricted shell. But how to escape?
use google and there is a website that has enough documentation about this shell and how they work
It's not a restricted shell like you are thinking, download the binary and reverse it.....
It has got UAF
November 04, 2020 at 04:50 AM
(November 04, 2020 at 02:16 AM)D0v3 Wrote: RopeTwo user and easy root:
[Hidden Content]
zip file password protected!!!
What is the password?
November 04, 2020 at 04:51 AM
(November 04, 2020 at 04:50 AM)Consigliere Wrote: (November 04, 2020 at 02:16 AM)D0v3 Wrote: RopeTwo user and easy root:
[Hidden Content]
zip file password protected!!!
What is the password?
root hash
November 04, 2020 at 04:53 AM
This post was last modified: November 04, 2020 at 06:08 AM by Consigliere.
(November 04, 2020 at 04:51 AM)D0v3 Wrote: (November 04, 2020 at 04:50 AM)Consigliere Wrote: (November 04, 2020 at 02:16 AM)D0v3 Wrote: RopeTwo user and easy root:
[Hidden Content]
zip file password protected!!!
What is the password?
root hash
Ok....so you sell a password protected zip file without password..........
November 16, 2020 at 11:57 AM
(November 02, 2020 at 05:47 PM)terobau Wrote: (November 02, 2020 at 05:27 PM)dory23 Wrote: (November 02, 2020 at 04:55 PM)mandoline Wrote: (November 02, 2020 at 03:53 PM)dory23 Wrote: use /usr/bin/rshell to escalate to r4j
nice, a restricted shell. But how to escape?
use google and there is a website that has enough documentation about this shell and how they work
It's not a restricted shell like you are thinking, download the binary and reverse it.....
It has got UAF
Hi!
Could you explain the UAF please?
I need to play with the size of files somehow?
November 16, 2020 at 12:42 PM
Guys anyone got user please give that heap exploit.
November 16, 2020 at 01:39 PM
This post was last modified: November 16, 2020 at 01:40 PM by terobau.
(November 16, 2020 at 11:57 AM)teksius Wrote: (November 02, 2020 at 05:47 PM)terobau Wrote: (November 02, 2020 at 05:27 PM)dory23 Wrote: (November 02, 2020 at 04:55 PM)mandoline Wrote: (November 02, 2020 at 03:53 PM)dory23 Wrote: use /usr/bin/rshell to escalate to r4j
nice, a restricted shell. But how to escape?
use google and there is a website that has enough documentation about this shell and how they work
It's not a restricted shell like you are thinking, download the binary and reverse it.....
It has got UAF
Hi!
Could you explain the UAF please?
I need to play with the size of files somehow?
add a file
then edit it; while editing it, pass size 0. Now the chunk should be freed, but you still have access to that chunk pointer
(November 16, 2020 at 12:42 PM)0xvijay Wrote: Guys anyone got user please give that heap exploit.
I can give you exploit, but not for free
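The size-0 edit described in the post above, as an added example that is not part of the thread and is not code from the rshell binary: one common cause of this bug class is an edit routine that passes a user-controlled size straight to realloc, where size 0 can free the block and return NULL while the table slot keeps the old pointer. The file table, the function names and the realloc cause are assumptions for illustration; the hardened version treats size 0 as an explicit delete and clears the slot.

```c
#include <stdlib.h>
#include <string.h>
#define MAX_FILES 4

/* Hypothetical file table (assumption for illustration, not from the binary). */
struct file { char *data; size_t size; };
static struct file table[MAX_FILES];

int slot_in_use(int idx) {
    return idx >= 0 && idx < MAX_FILES && table[idx].data != NULL;
}

int add_file(int idx, size_t size) {
    if (idx < 0 || idx >= MAX_FILES || size == 0 || table[idx].data) return -1;
    table[idx].data = calloc(1, size);
    if (!table[idx].data) return -1;
    table[idx].size = size;
    return 0;
}

/* Flawed pattern: with new_size == 0, realloc may free the block and return
 * NULL. The early return then leaves table[idx].data pointing at freed memory. */
int edit_file_flawed(int idx, size_t new_size) {
    char *p = realloc(table[idx].data, new_size);
    if (!p) return -1;               /* slot still holds the stale pointer */
    table[idx].data = p;
    table[idx].size = new_size;
    return 0;
}

/* Hardened: validate the slot, make size 0 an explicit delete, clear the slot. */
int edit_file_safe(int idx, size_t new_size) {
    if (!slot_in_use(idx)) return -1;
    if (new_size == 0) {
        free(table[idx].data);
        table[idx].data = NULL;      /* no dangling pointer left behind */
        table[idx].size = 0;
        return 1;                    /* 1 = file deleted */
    }
    char *p = realloc(table[idx].data, new_size);
    if (!p) return -1;               /* old block is still valid and owned */
    if (new_size > table[idx].size)  /* zero the newly exposed bytes */
        memset(p + table[idx].size, 0, new_size - table[idx].size);
    table[idx].data = p;
    table[idx].size = new_size;
    return 0;
}

int main(void) { return (add_file(0, 32) == 0 && edit_file_safe(0, 0) == 1 && !slot_in_use(0)) ? 0 : 1; }
```
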
November 17, 2020 at 06:48 AM
(November 16, 2020 at 01:39 PM)terobau Wrote: (November 16, 2020 at 11:57 AM)teksius Wrote: (November 02, 2020 at 05:47 PM)terobau Wrote: (November 02, 2020 at 05:27 PM)dory23 Wrote: (November 02, 2020 at 04:55 PM)mandoline Wrote: nice, a restricted shell. But how to escape ?
use google and there is a website that has enough documentation about this shell and how they work
It's not a restricted shell like you are thinking, download the binary and reverse it.....
It has got UAF
Hi!
Could you explain the UAF please?
I need to play with the size of files somehow?
add a file
then edit it; while editing it, pass size 0. Now the chunk should be freed, but you still have access to that chunk pointer
(November 16, 2020 at 12:42 PM)0xvijay Wrote: Guys anyone got user please give that heap exploit.
I can give you exploit, but not for free
PM me, I can't PM you
November 20, 2020 at 04:14 AM
anyone have idea to get user or root?
November 20, 2020 at 08:16 PM
damn son ... rope 2
hats off to u !!!
;-)
November 24, 2020 at 07:53 AM
Any updates on user part....?
December 01, 2020 at 10:19 PM
(November 17, 2020 at 06:48 AM)0xvijay Wrote: (November 16, 2020 at 01:39 PM)terobau Wrote: (November 16, 2020 at 11:57 AM)teksius Wrote: (November 02, 2020 at 05:47 PM)terobau Wrote: (November 02, 2020 at 05:27 PM)dory23 Wrote:
use google and there is a website that has enough documentation about this shell and how they work
It's not a restricted shell like you are thinking, download the binary and reverse it.....
It has got UAF
Hi!
Could you explain the UAF please?
I need to play with the size of files somehow?
add a file
then edit it; while editing it, pass size 0. Now the chunk should be freed, but you still have access to that chunk pointer
Ok, thank you! but how to leak libc address? Could you give a nudge please?