RainbowTwo
RainbowTwo
RainbowTwo 743
RainbowTwo
RETIRED MACHINE

RainbowTwo

RainbowTwo - Windows Windows
RainbowTwo - Hard Hard

5

MACHINE RATING

48

USER OWNS

41

SYSTEM OWNS

23/09/2025

RELEASED
Created by xct

Machine Synopsis

RainbowTwo is a Hard Windows machine centered around exploit development for a custom network file-sharing service. Initial enumeration reveals anonymous FTP access and an unknown service listening on TCP port `2121`. The FTP share exposes the vulnerable service binary, a developer README, and a copy of `SysWOW64\kernel32.dll`. The README confirms that the service was rebuilt with `ASLR`, `DEP`, and `GS` enabled. Static and dynamic analysis then shows that the service is still vulnerable to a format string issue and a stack-based overflow that overwrites the SEH chain. The format string leak provides a reliable ASLR bypass by disclosing a pointer inside `filesrv.exe`; the SEH overwrite provides control of the exception handler; and a ROP chain calls `VirtualAlloc` to bypass DEP. Privilege escalation is achieved by abusing `SeDebugPrivilege` to migrate into a SYSTEM process.

Machine Matrix

Ready to start your
hacking journey?