Linux Boxes
safe (Linux BoF)
nmapAutomator
http
port 1337
initial foothold
ghidra
buffer overflow
checksec
step 1: crash the application
step 2: find the offset
overwriting $rsp register to test calling main function twice
step 3: hijack system call
step 4: collect all the necessary parameters for a ROP chain exploit
disass main
disass test
step 5: write exploit.py
tweak for safe box
run
objdump system & test
privilege escalation
dropping ssh key
exfiltrate keepass
crack keepass
organize picture files hashes
hashcat
kpcli
sudo into root
user/root
lessons learned