docs(lvl14): adding the english readme
This commit is contained in:
Raphael
parent
63b373efde
commit
9e3d9cd2be
1 changed files with 7 additions and 8 deletions
|
|
@ -1,10 +1,10 @@
|
|||
Le repertoire de level14 est vide et aucun flag restant apparent... il ne reste plus qu'a regarder directement dans getflag :eyes:
|
||||
The directory of level14 is empty and no remaining flag apparent... there is only one thing left which is to look directly into getflag :eyes:
|
||||
|
||||
(Pour etre honnete je souhaiter faire ca pour tous les flags mais j'ai ete spoiler que c'etait le dernier niveau)
|
||||
(To be honest I wanted to do this for all the flags but I was spoiled that it was the last level)
|
||||
|
||||
En regardant le code ca ressemble a une foret de if else if
|
||||
By looking at the code it looks like a forest of if else if.
|
||||
|
||||
En passant par le main j'obtiens ce message
|
||||
By passing through the main I obtain this message.
|
||||
```asm
|
||||
(gdb) b main
|
||||
Breakpoint 1 at 0x804894a
|
||||
|
|
@ -18,13 +18,13 @@ You should not reverse this
|
|||
[Inferior 1 (process 2506) exited with code 01]
|
||||
```
|
||||
|
||||
c'est ptrace qui nous empeche de faire ce que nous souhaitons
|
||||
It is ptrace which prevents us from doing what we want.
|
||||
```asm
|
||||
8048989: e8 b2 fb ff ff call 8048540 <ptrace@plt>
|
||||
804898e: 85 c0 test eax,eax
|
||||
```
|
||||
|
||||
J'ai donc pu le bypass il suffit d'aller a ptrace puis de mettre eax a 0 (afin qu'il pense que c'est une execution classique)
|
||||
I therefore could bypass it, it is enough to go to ptrace then to set eax to 0 (so that it thinks that it is a classic execution).
|
||||
```asm
|
||||
gdb /bin/getflag
|
||||
(gdb) b ptrace
|
||||
|
|
@ -45,7 +45,7 @@ Check flag.Here is your token :
|
|||
Nope there is no token here for you sorry. Try again :)
|
||||
```
|
||||
|
||||
Voici l'exploit complet avec le changement de la return value de getuid pour 3014 (soit d'apres /etc/passwd l'uid de flag14)
|
||||
Here is the complete exploit with the change of the return value of getuid to 3014 (that is according to /etc/passwd the uid of flag14).
|
||||
```asm
|
||||
gdb /bin/getflag
|
||||
(gdb) b ptrace
|
||||
|
|
@ -75,5 +75,4 @@ which has no line number information.
|
|||
Single stepping until exit from function main,
|
||||
which has no line number information.
|
||||
Check flag.Here is your token : 7QiHafiNa3HVozsaXkawuYrTstxbpABHD8CPnHJ
|
||||
|
||||
```
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue