IO wargame (smash the stack) level 1

En este primer nivel del wargame IO de smash the stack tenemos un ejemplo de dónde podemos usar ltrace

Primero de todo nos conectamos al servidor y obtenemos las instrucciones:

$ ssh level1@io.smashthestack.org -p2224
The authenticity of host '[io.smashthestack.org]:2224 ([174.36.209.18]:2224)' can't be established.
RSA key fingerprint is f9:ac:35:48:0b:50:dc:5d:7e:00:f5:ec:c3:65:27:36.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[io.smashthestack.org]:2224,[174.36.209.18]:2224' (RSA) to the list of known hosts.
level1@io.smashthestack.org's password:
 ______   _____
/\__  _\ /\  __`\
\/_/\ \/ \ \ \/\ \      Levels are in /levels
   \ \ \  \ \ \ \ \     Passes are in ~/.pass
    \_\ \__\ \ \_\ \
    /\_____\\ \_____\   Server admin: beach (beach@smashthestack.org)
    \/_____/ \/_____/   Server janitor: bla

        1. No DoS, local or otherwise
        2. Do not try to connect to remote systems from this box
        3. Only two connections per IP are allowed
        4. Quotas are in place so don't waste resources
        5. This rules list is not all inclusive and is subject to change
        6. Have fuN++

				(28 levels)

- use long names in /tmp, short stuff is periodically deleted, as are
easily guessable ones
- irc meetup ioday planned for August 7th
- o and feel free to leave your email in /home/email.list (it's writeonly)

A continuación probamos el nivel:

level1@io:/levels$ ./level01
Usage: ./level01 <password>
level1@io:/levels$ ./level01 aa
Fail.

Podemos proceder a probar a ver que nos sale con ltrace:

level1@io:/levels$ ltrace ./level01 aa
__libc_start_main(0x80483f4, 2, 0xbfffddc4, 0x8048510, 0x80484c0 <unfinished ...>
strncmp("aa", "omgpassword", 11)                                                                                               = -14
puts("Fail."Fail.
)                                                                                                                  = 6
+++ exited (status 0) +++

Podemos apreciar como compara la cadena que le pasamos con la contraseña que debería ser: “omgpassword”, por lo que se la pasamos para obtener la shell al siguiente nivel:

level1@io:/levels$ ./level01 omgpassword
Win.
sh-3.2$ cat ~level2/.pass
ep4kbyqe

En la home de cada nivel podemos encontrar el fichero .pass con la contraseña del nivel.

ltrace puede decirnos la contraseña

El listado de soluciones de otros niveles del wargame de IO de smash the stack es el siguiente:

• level 1
• level 2
• level 3
• level 4

Relacionados

• Wargame narnia: Nivel 5
• Wargame narnia (Niveles 1 y 2)
• Wargame leviathan: nivel 7
• Wargame leviathan: nivel 5
• Wargame leviathan: nivel 3