Hi people!

It’s been a while. This weekend I was idling a bit on the internet when I saw shell-storm had started their wargame and there were 3h left before it ended.

Here, no “tutorial” explaining how to pwn the challenges, just summing up the wargame a bit ;).

I decided to take a look and it was quite fun :).

I managed to go up to level6 in 1h20 and got stuck there.

So about the levels :

  • level1 : Simple buffer overflow
  • level2 : Same but the input string mustn’t contain 0xCD or 0x2F
  • level3 : Buffer overflow in which the buffer MUST start with precise bytes
  • level4 : Cleverly get the thing to print the interesting file
  • level5 : It has a small protection checking for some input value before triggering the buffer overflow
  • level6 : Simple format string

I’ll let you analyze the other levels’ source code given by shell-storm ;).

So basically, for all the levels, I used these tools :

  • metasploit pattern
  • gdb
  • python

And importantly, bash didn’t set euid so we needed to use a payload that fixes it : bash -p payload.

That’s all that was needed :).

Thanks Djo for your wargame, was pretty fun :),

m_101

Resources