SmashTheStack - IO Level01
Recently I have been attempting to improve my programming knowledge by gaining a deeper understanding of memory allocation and of the ways the computer handles its processes.
I figured a great way to do this would be to look more into exploitation, and so I picked up the book “The Art of Exploitation”, which was an excellent read. I recommend it to any programmer looking to take the red pill and see all the mess and loopholes that can be created when ignorantly hacking together programs in high-level languages.
While reading this book and getting closer to the “hacker” community I found out more about wargames, which is how I wound up at SmashTheStack.org and writing these tutorials as I’ve conquered them one at a time. I would like to point out that this is definitely not the first track of wargames I have done, but it is the first I will try to document and explain as I go through, both for myself and anyone who happens upon this.
The obvious first step would be to investigate the file and find out what needs to be done:
The program does not offer any hints, but we can assume that if we enter the right code it will either print the password to level2 or drop us into a shell with permissions to read the password to the next level.
I also tried to break the program by entering bad data to see if it would return anything funky, though it didn’t help.
The next step I tried was to run a simple “strings” command on the file, though since we are looking for a number this was unlikely to help.
Now, we must plunge deeper into the mysterious world of machine code by looking at the assembly instructions located inside of the executable.
From this objdump we see that there is a comparison at 0x804808f, which most likely is comparing the user input to the correct password.
I then started debugging the file with gdb to locate the password, which should be stored at 0x10f.
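An added example (not code from the level or from the original post) showing why “strings” is unlikely to surface a numeric code while a disassembly does, assuming the number is compiled in as a binary immediate of a compare instruction. The byte sequence and the value 1234 are constructed for illustration, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample bytes (not taken from the level01 binary):
 *   e8 10 00 00 00    call  <rel32>
 *   3d d2 04 00 00    cmp   eax, 0x4d2     ; 1234 decimal, made-up value
 *   74 05             je    +5
 */
static const uint8_t sample[] = {
    0xe8, 0x10, 0x00, 0x00, 0x00,
    0x3d, 0xd2, 0x04, 0x00, 0x00,
    0x74, 0x05
};

/* Longest run of printable ASCII, which is what `strings` searches for
 * (GNU strings reports runs of 4 or more by default). */
size_t longest_printable_run(const uint8_t *buf, size_t len)
{
    size_t best = 0, run = 0;
    for (size_t i = 0; i < len; i++) {
        run = (buf[i] >= 0x20 && buf[i] <= 0x7e) ? run + 1 : 0;
        if (run > best)
            best = run;
    }
    return best;
}

/* Naive scan for `cmp eax, imm32` (opcode 0x3d + little-endian imm32).
 * A real disassembler decodes from instruction boundaries; this byte
 * scan is a simplification. Returns the opcode offset, or -1. */
long find_cmp_eax_imm32(const uint8_t *buf, size_t len, uint32_t *imm)
{
    for (size_t i = 0; i + 5 <= len; i++) {
        if (buf[i] != 0x3d)
            continue;
        *imm = (uint32_t)buf[i + 1] | (uint32_t)buf[i + 2] << 8 |
               (uint32_t)buf[i + 3] << 16 | (uint32_t)buf[i + 4] << 24;
        return (long)i;
    }
    return -1;
}

int main(void)
{
    uint32_t imm = 0;
    long off = find_cmp_eax_imm32(sample, sizeof sample, &imm);
    printf("printable run: %zu, cmp at offset %ld, immediate = %u\n",
           longest_printable_run(sample, sizeof sample), off, (unsigned)imm);
    return 0;
}
```

The number never appears as text, so a printable-string scan misses it, but any value a program compares against a compiled-in constant can be read straight out of the instruction stream.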
After investigating and printing the value at that location we see a three digit number! This is then plugged in and a shell is opened and we are able to read the .pass file.
I hope people find this walkthrough helpful. I will continue through these levels and try to post write-ups as I get further. I hope my noobie attempts at these levels will help people of a more amateur experience level understand what to do and how to navigate these commands. Happy smashing!