SMASH THE STACK LEVEL4

level 4 ๐Ÿ˜€

so i will read the code

popen to execute whoami

save the output in f

fgets to read the output

print f to print the output

very simple one

I don’t think it needs overflow ๐Ÿ˜€

I can trick the software to read /home/level5/.pass

as it uses command whoami

and this command located in my system

it finds it through the $PATH

so this is the point

i will create new file in /tmp/level04/whoami

same name of the command

content

catย /home/level5/.pass

so when it runs my whoami then read the password

so I have to set theย /tmp/level04 in my path variable + it should be loaded before any other apps in bins

very simple for me

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.