Need help lab6B rpisec's MBE

exploit

#1

Hi
I’m doing the RPISEC’s Modern Binary Exploitation series of challenges
But i’m totally stuck for days on the lab6B… So I decided to look for the solution and … I don’t understand nothing about this exploit…
So I’m here to ask you for help if you did the MBE, I would really like to have som help to understand this challenge…
Here is the working exploit : lab6B.py

Thanks !


#2

You mentioned lab4B yet you link to lab6B’s exploit.


#3

Oh sorry i’ts the lab6B ! I edit my message


#4

Helping you wouldn’t help you actually, if you know what I mean. Unless you’re stuck for at least 2-3 weeks then feel free to look at solutions. Here’s another explanation. Have you identified the bug? That lab might require some tiny bruteforcing iirc.


#5

Ok thank you !
So even If I’m stuck for days I shouldn’t look a the solution unless it lasts 2-3 weeks ? When i’m stuck for days I feel like i’m stupid ^^, and I don’t have the feeling to improving myself very much , maybe because I give up too quickly ?

I think there is an off by one vulnerability in the 2 strncpy in login_prompt.


#6

There are pwnables which have taken me more than 2-3 weeks! This non-stop back and forth between repeated failures will teach you more than if you had solved the challenge within the first day. Just keep at it.


#7

Ok thank you, I’ll try harder :smiley:


#8