SKILLS ASSESSMENT

We were able to gain SSH access to a Linux machine whose password was reused by another machine during our penetration test.

On this machine, we have a standard user "htb-student" who can leave a message to the administrator using a self-written program called "leave_msg." Since the target company pays a lot of attention to defense from outside their network, and the administrator's appearance showed high self-confidence, it may indicate that local security was disregarded.

After our research, we found out that these messages are stored in "/htb-student/msg.txt," which is a binary owned by the user root, and the SUID bit is set.

Examine the program and find out if it is vulnerable to a Stack-Based Buffer Overflow. If you have found the vulnerability, then use it to read the file "/root/flag.txt" placed on the system as proof.

Determine the file type of "leave_msg" binary and submit it as the answer.


How many bytes in total must be sent before reaching EIP?


Submit the size of the stack space after overwriting the EIP as the answer. (Format: 0x00000)


Read the file "/root/flag.txt" and submit the content as the answer.
