Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Not sure why you're getting downvoted, but debugging a "crack me" app while running as root is probably a bad idea.

Even if this is inside a VM, it might give the wrong message to someone wanting to try this for themselves.




I've played in many CTFs and written challenges for a few. Unpleasant surprises in the binaries, especially when run as root aren't uncommon.


You could also attack the VM:

http://www.cvedetails.com/vulnerability-list/vendor_id-93/pr...


Given this, what is the best first step? Best we can tell, he was running root in a VM that was running as an ordinary user. What more can be done, aside from running it on a throwaway machine? Running on a cloud instance, perhaps?


Perhaps a LiveCD/LiveUSB, with a VM inside of it?

Then a compromise would need to be:

Local VM user -> root VM user -> local LiveCD user -> root liveCD user -> hardware exploits


Christ I had no idea Virtualbox was that riddled with holes. I wonder how many of those have been fixed.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: