Google Drive Information Leak

Google Drive & Gmail attachments Leak This part of Google bounty program [IDOR] exploit to allow the attacker to leak your Google Drive files and this mean attacker could leak Gmail attachments that uploaded to Google Drive, Photos you shared with Gmail or any other third party

SMASH THE STACK LEVEL6

Smash The Stack  Level 6

this app take 2 argument 1 – username 2- password it takes it then say hi also, it checks ur env language and change the msg

let’s make some love with gdb btw without change ur language, it will not overwrite the EIP

SMASH THE STACK LEVEL 5

still smashing 😀

echo one 😀 let’s see the source code

SMASH THE STACK LEVEL4

level 4 😀

so i will read the code

popen to execute whoami

underc0de 3 WalkThrough

loaded the virtual machine and run netdiscover to get the machine IP

x.112 is  the target   so let’s see what ports available

apache is on 😀 so let’s brute-force the directory in the server

SMASH THE STACK LEVEL3

pretty good level I learned a few new stuff so lets hit the game

fighting with the app till it crashes and hell yeah we start from fault 😀 so we need to see what’s going on

SMASH THE STACK LEVEL2

time to play

let’s read what it says

first function catcher  and it trigger the suid  and drop the bash nice  this is what we want

SMASH THE STACK Level1

after login to the ssh server levels located on /levels so let’s play  level1

as u notice it had suid permeation  -r-sr-x— for level2  so it will lead us to a user (level2 )

I entered any test number and it leads me with no respond 😀 crazy huh! so I decided to look […]