I am running this verybad service to see how people can attack this and extract information.

verybad.kushaldas.in:8000/

Give it a go and let me know what all you can find :)

Happy hacking!!


@kushal Are we supposed to disable ASLR, etc?

What all should we find?


@akshay I don’t know what all damage you can do in this, the best is if you can get a shell or RCE.

@kushal Well, I gave up :/

Basically all of /proc is readable. With that I could see what all things are actually available.
ld-linux-x86-64.so.2 can probably run files even without executable bit? But Rocket limits Vec<u8> to 8 KiB and so I couldn't post anything useful in.

@kushal It's probably possible to override some of that by memory manipulation - but I have no clue how to do any of that.
