It's been a while. This weekend I was idling a bit on the internet when I saw shell-storm had started their wargame and there were 3h left before it ended.
Here, no "tutorial" explaining how to pwn the challenges, just summing up the wargame a bit ;).
I decided to take a look and it was quite fun :).
I managed to go up to level6 in 1h20 and got stuck there.
So, about the levels:
- level1 : Simple buffer overflow
- level2 : Same, but the input string mustn't contain 0xCD or 0x2F
- level3 : Buffer overflow in which the buffer MUST start with precise bytes
- level4 : Cleverly get the thing to print the interesting file
- level5 : It has a small protection checking for some input value before triggering the buffer overflow
- level6 : Simple format string
I'll let you analyze the other levels' source code given by shell-storm ;).
So basically, for all the levels, I used these tools:
- Metasploit pattern
And importantly, bash didn't set the euid, so we needed to use a payload that fixes it: "bash -p payload".
That's all that was needed :).
Thanks Djo for your wargame, it was pretty fun :).
- Challenge summary and sources: ShellStorm's Wargame 2010