This article contains my writeup on the machine Rope
from Hack The Box. I really enjoyed the box, since it provides a total of three custom binaries, which are supposed to be exploited 🙂
The article is divided into the following parts:
→ User
    – Initial Recon
    – httpserver
    – Leak Memory Address
    – Exploit Format String Vulnerability
    – Escalating from john to r4j (readlogs)
→ Root
    – Local Recon
    – contact
    – Bruteforce
    – Libc Leak
    – Final Exploit