still smashing 😀 level5@io:/levels$ ./level05 level5@io:/levels$ ./level05 a a level5@io:/levels$ echo one 😀 let’s see the source code level5@io:/levels$ cat level05.c #include #include int main(int argc, char **argv) { char buf[128]; if(argc < 2) return 1; strcpy(buf, argv[1]); printf(“%s\n”, buf); return 0; }
level 4 😀 level4@io:~$ cd /levels/ level4@io:/levels$ ./level04 Welcome level5 level4@io:/levels$ ./level04 d Welcome level5 level4@io:/levels$ ./level04 $(python -c “print ‘A’ * 1024”) Welcome level5 so i will read the code int main() { char username[1024]; FILE* f = popen(“whoami”,”r”); fgets(username, sizeof(username), f); printf(“Welcome %s”, username); return 0; } popen to execute whoami
loaded the virtual machine and run netdiscover to get the machine IP oot@n1x:~# netdiscover Currently scanning: 192.168.39.0/16 | Screen View: Unique Hosts 4 Captured ARP Req/Rep packets, from 4 hosts. Total size: 240 _____________________________________________________________________________ IP At MAC Address Count Len MAC Vendor —————————————————————————– 192.168.1.1 e8:94:f6:5d:c6:3b 01 060 Unknown vendor 192.168.1.2 00:18:fe:6d:61:27 01 060 Hewlett Packard … Read More
pretty good level I learned a few new stuff so lets hit the game level3@io:/levels$ ./level03 level3@io:/levels$ ./level03 9 level3@io:/levels$ ./level03 $(python -c “print ‘a’ * 10000 “) Segmentation fault fighting with the app till it crashes and hell yeah we start from fault 😀 so we need to see what’s going on level3@io:/levels$ gdb … Read More
time to play level2@io:/levels$ ./level02 source code is available in level02.c let’s read what it says level2@io:/levels$ cat level02.c //a little fun brought to you by bla #include <stdio.h> #include <stdlib.h> #include <signal.h> #include <setjmp.h> void catcher(int a) { setresuid(geteuid(),geteuid(),geteuid()); printf(“WIN!\n”); system(“/bin/sh”); exit(0); } int main(int argc, char **argv) { puts(“source code is available in … Read More
after login to the ssh server levels located on /levels so let’s play  level1 level2@io:/levels$ ls -alh level01 -r-sr-x— 1 level2 level1 1.2K Jan 13 2014 level01 as u notice it had suid permeation  -r-sr-x— for level2  so it will lead us to a user (level2 ) level1@io:/levels$ ./level01 Enter the 3 digit passcode to enter: … Read More
GPG = Gnu Privacy Guard To secure file from unauthorised access with the password in Linux/Unix is very simple method 🙂 lets assume we have a secure file with some financials stuff called orders.xls and we want to email it to our partners  and we  want to get sure just he is the only one … Read More