Smash the Stack IO64 - Level01

Level01

Im Folgenden geht es um das Wargame Smash the Stack in der 64bit Variante.

______   _____
/\__  _\ /\  __`\       Levels are in /levels
\/_/\ \/ \ \ \/\ \      Passes are in ~/.pass
   \ \ \64\ \ \ \ \     
    \_\ \__\ \ \_\ \
    /\_____\\ \_____\   Server admin: bla ([email protected])
    \/_____/ \/_____/   Server admin: noname

        1. No DoS, local or otherwise
        2. Do not try to connect to remote systems from this box
        3. Quotas, watch resources usage, max 2 connections per IP


- new level 8 by noname
- new level 9 by bla


notice: ACCESS to this system is PROHIBITED to any and all current
and former employees and contractors of MSAB (Micro Systemation).

Walkthrough

Viele Wege führen zum Ziel, hier nun meiner. Wer also die Level selber lösen möchte, sollte an dieser Stelle aussteigen. Im weiteren wird auf genaue Erläuterung verzichtet, da diese aus dem Kontext hervor gehen.

[email protected]:/levels$ ./level01 
Usage:
        ./level01 [password]
[email protected]:/levels$ ls level01*
level01  level01.sqlite
[email protected]:/levels$ file level01.sqlite
level01.sqlite: SQLite 3.x database
[email protected]:/levels$ objdump -D level01 | grep sqlite3
0000000000400810 <[email protected]>:
0000000000400850 <[email protected]>:
0000000000400860 <[email protected]>:
0000000000400870 <[email protected]>:
0000000000400880 <[email protected]>:
0000000000400890 <[email protected]>:
 4009e8:   e8 23 fe ff ff    callq  400810 <[email protected]>
 400a14:   e8 77 fe ff ff    callq  400890 <[email protected]>
 400a2d:   e8 1e fe ff ff    callq  400850 <[email protected]>
 400a47:   e8 24 fe ff ff    callq  400870 <[email protected]>
 400a93:   e8 e8 fd ff ff    callq  400880 <[email protected]>
 400a9f:   e8 bc fd ff ff    callq  400860 <[email protected]>
[email protected]:/levels$ sqlite3 level01.sqlite 
SQLite version 3.7.13 2012-06-11 02:05:22
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> .headers on
sqlite> .mode column
sqlite> .width 45, 20
sqlite> .tables
password
sqlite> select * from password;
password                                       id
---------------------------------------------  --------------------
Administ                                       rator
sqlite>
[email protected]:/levels$ ./level01 Administ
$ whoami
level2
$ cat /home/level2/.pass
lY92adX0uURmL5XX
$

Referenzen