diff --git a/rparodi/level10/README.md b/rparodi/level10/README.md index 8a7d2a5..002b2e7 100644 --- a/rparodi/level10/README.md +++ b/rparodi/level10/README.md @@ -1,4 +1,4 @@ -Lors de mon arriver sur le level10 je remarque 2 fichier dans mon home +Then arriving on level10 I notice 2 files in my home. ```bash ls -l @@ -7,14 +7,14 @@ total 16 -rw------- 1 flag10 flag10 26 Mar 5 2016 token ``` -level10 est un executable qui prends 2 arguments +level10 is an executable which takes 2 arguments. ```bash ./level10 ./level10 file host sends file to host if you have access to it ``` -Bien sur token n'est pas lisible par le programme +Of course token is not readable by the program. ```c ltrace ./level10 ./token __libc_start_main(0x80486d4, 2, 0xbffff7e4, 0x8048970, 0x80489e0 @@ -25,7 +25,7 @@ exit(1 +++ exited (status 1) +++ ``` -Je tente de faire un autre fichier /tmp/test et de lancer le programme avec +I try to make another file /tmp/test and to launch the program with it. ```bash echo 'test' > /tmp/test @@ -50,7 +50,7 @@ puts("wrote file!"wrote file! +++ exited (status 12) +++ ``` -Il essaye donc l'envoyer un fichier sur le 6969, effectivement lors de la l'ecoute du port avec netcat +It therefore tries to send a file on port 6969. Indeed while listening on the port with netcat: ```bash nc -lv 6969 Connection from 127.0.0.1 port 6969 [tcp/*] accepted 
@@ -58,13 +58,13 @@ Connection from 127.0.0.1 port 6969 [tcp/*] accepted test ``` -Le programme semble s'arreter a access lorsque il n'est pas possible de lire le fichier -Mais access est vulnerable a TOUCTOU (Time-Of-Check to Time-Of-Use) -Je vais donc faire un script en bash pour effectuer l'exploit +The program seems to stop at access when it is not possible to read the file. +But access is vulnerable to TOCTOU (Time-Of-Check to Time-Of-Use). +I therefore make a bash script to perform the exploit. ```bash Connection from 127.0.0.1 port 6969 [tcp/*] accepted .*( )*. woupa2yuojeeaaed06riuj63c ``` -au bout de 30s le flag tombe +After 30 seconds the flag drops.
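Review bot: in the @@ -1,4 +1,4 @@ hunk, "Then arriving on level10" mistranslates "Lors de mon arriver". "Lors de" means "upon" or "when", so something like "Upon arriving on level10, I notice 2 files in my home directory." keeps the original meaning.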
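Review bot: in the @@ -7,14 +7,14 @@ hunk, the block that follows "Of course token is not readable by the program." is opened with a c fence but contains an ltrace session, not C source. Since this paragraph is being touched anyway, retag that fence as bash so it matches the other terminal blocks in the file.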
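Review bot: in the @@ -50,7 +50,7 @@ hunk, "Indeed while listening on the port with netcat:" is a sentence fragment, and "send a file on port 6969" should read "to port 6969". Suggest merging the two: "It therefore tries to send the file to port 6969, which listening on that port with netcat confirms:".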
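Review bot: in the @@ -58,13 +58,13 @@ hunk, the text announces "a bash script to perform the exploit", but the fenced block right after it holds only the netcat output, so the README never shows or points to the script it mentions. Either reference where the script lives in the repository or reword the sentence. Separately, "access is vulnerable to TOCTOU" pins the flaw on the call itself. The race is the gap between the program's access check and its later use of the file, so "the access check is subject to a TOCTOU race" would be more accurate.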