Categories: Security, tech

after login to the ssh server

levels located on /levels

so let’s play  level1

as u notice it had suid permeation  -r-sr-x— for level2  so it will lead us to a user (level2 )

I entered any test number and it leads me with no respond 😀 crazy huh!

so I decided to look inside the binary file (quick look )

it had a sting “Enter the 3 digit passcode to enter: Congrats you found it, now read the password for level2 from /home/level2/.pass”

and it execute /bin/bash

so lets fire gdb and see what inside


first  puts() function to print the string above

then fscanf() function to read the passcode

then the sweet thing  a compare function

it compares between hex and data inside eax

so let’s see what hex says

seems  we got the passcode lets try it

I love to see



Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.