Rope HacktheBox Writeup

This writeup documents full exploitation of the HackTheBox "Rope" machine: initial reconnaissance revealed an LFI and a 32-bit httpserver binary; the author leaked /proc/self/maps and libc, performed a format-string GOT overwrite (puts -> system) to trigger a base64-encoded reverse shell as user 'john', escalated to r4j by overwriting a privileged library (liblog.so) to execute system() via sudo, and finally rooted the box by exploiting a 64-bit forking socket server with a stack buffer overflow and ROP (including canary and address brute-forcing). The report includes PoC Python exploits, build commands, and detailed exploitation steps.