# Level 14

## how to login

username: level14

password: 2A31L79asukciNyi8uppkEuSx

## Goal

run `getflag` as user `flag14`

## Actually doing something

there is nothing -> let have fun with `getflag` binary

```bash
user14@SnowCrash:/tmp/gf$ mkdir -p /tmp/gf && cd /tmp/gf && cp $(which getflag) getflag.orig
user14@SnowCrash:/tmp/gf$ xxd getflag.orig > getflag.xxd.orig
user14@SnowCrash:/tmp/gf$ cat <<EOF >getflag.patch 
206c206
< 0000cd0: 89c3 c704 244e 9104 08e8 26f9 ffff 895c  ....$N....&....\
---
> 0000cd0: 89c3 c704 2420 9204 08e8 26f9 ffff 895c  ....$N....&....\
EOF
user14@SnowCrash:/tmp/gf$ # apply the patch
user14@SnowCrash:/tmp/gf$ xxd -r getflag.xxd.patched > getflag.patched
```

after applying this patch, we need to perform the level06 trick again so we have the correct UID

This patched modified the string pointed in the getflag binary for the UID 3006 is actually the string for the last uid

after this is done we have the flag

```bash
7QiHafiNa3HVozsaXkawuYrTstxbpABHD8CPnHJ
```

let check it

```bash
level14@SnowCrash:/tmp/gf$ su flag14
Password: 
Congratulation. Type getflag to get the key and send it to me the owner of this livecd :)
flag14@SnowCrash:~$ getflag
Check flag.Here is your token : 7QiHafiNa3HVozsaXkawuYrTstxbpABHD8CPnHJ
```