SmashTheStack – Really addictive

Posted: September 17, 2011 in Reverse Engineering

I was introduced to smashthestack.org by Zubin, my partner in crime. šŸ˜› I looked at io.smashthestack.org. At first I didn’t like it much, but then later on, it got really addictive! It has challenges starting from the testing the basics of C, moving on to buffer overflows, format string vulnerability, etc. I am currently on level11, and I’m thinking of post some hints on how to solve the problems.

The way the entire challenge is organized is really cool – simple, yet cool. There’s a remote linux box, onto which we have access over ssh protocol on port 2224. The password for level1 is “level1”. Password for each level is stored in the file /home/level<num>/.pass. So we need to be the user “level<num>” in the first place to access that level’s password! At first, it doesn’t look simple, but if we see the way the challenges are configured in the linux box, it becomes easy.

$ ssh -p 2224 level1@io.smashthestack.org
level1@io.smashthestack.org’s password:
level1@io:~$ cd /levels

level1@io:/levels$ ls -l level01
-r-sr-x— 1 level2 level1 7500 Nov 16Ā  2007 level01
level1@io:/levels$

Here, we can see that the executable level01 is executable only by user ‘level1’ but owned by user ‘level2’. Hence, while executing the challenge’s executable, if we’re able to get back a shell (with setuid privileges), then are ‘level2’ in that shell! Hence, from that new shell, we can read the next level’s password and voila, we can access the next level’s executable.

This is how it basically works, and some of the challenges themselves are coded in such a way that if you’re able to do the right stuff, it gives you back a shell. It’s really interesting and addictive, so readers, if you get time and you’re interested in reverse engineering/binary analysis, this is definitely the way. šŸ™‚

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s