Created
May 20, 2014 11:19
-
-
Save 17twenty/e1ad57ef8a1edd462bfc to your computer and use it in GitHub Desktop.
Output from level10 of smashthestack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
level10@io:~$ python /tmp/runme.py | |
/levels/level10: relocation error: /levels/level10: symbol _gmon_start__, version GLIBC_2.1 not defined in file libc.so.6 with link time reference | |
/levels/level10: relocation error: /levels/level10: symbol _start__, version GLIBC_2.1 not defined in file libc.so.6 with link time reference | |
/levels/level10: symbol lookup error: /levels/level10: undefined symbol: strcmp, version GLIBC_2.2.4 | |
Inconsistency detected by ld.so: dl-runtime.c: 87: _dl_fixup: Assertion `((reloc->r_info) & 0xff) == 7' failed! | |
*** glibc detected *** /levels/level10: double free or corruption (!prev): 0x0804a008 *** | |
======= Backtrace: ========= | |
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x70f01)[0xb7edff01] | |
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x72768)[0xb7ee1768] | |
/lib/i386-linux-gnu/i686/cmov/libc.so.6(cfree+0x6d)[0xb7ee48ad] | |
/lib/i386-linux-gnu/i686/cmov/libc.so.6(fclose+0x14a)[0xb7ed03ba] | |
/levels/level10[0x8048585] | |
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb7e85e46] | |
/levels/level10[0x8048441] | |
======= Memory map: ======== | |
08048000-08049000 r-xp 00000000 fe:00 268659 /levels/level10 | |
08049000-0804a000 rw-p 00000000 fe:00 268659 /levels/level10 | |
0804a000-0806b000 rw-p 00000000 00:00 0 [heap] | |
b7d00000-b7d21000 rw-p 00000000 00:00 0 | |
b7d21000-b7e00000 ---p 00000000 00:00 0 | |
b7e51000-b7e6d000 r-xp 00000000 fe:00 393223 /lib/i386-linux-gnu/libgcc_s.so.1 | |
b7e6d000-b7e6e000 rw-p 0001b000 fe:00 393223 /lib/i386-linux-gnu/libgcc_s.so.1 | |
b7e6e000-b7e6f000 rw-p 00000000 00:00 0 | |
b7e6f000-b7fcc000 r-xp 00000000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so | |
b7fcc000-b7fcd000 ---p 0015d000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so | |
b7fcd000-b7fcf000 r--p 0015d000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so | |
b7fcf000-b7fd0000 rw-p 0015f000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so | |
b7fd0000-b7fd3000 rw-p 00000000 00:00 0 | |
b7fdf000-b7fe1000 rw-p 00000000 00:00 0 | |
b7fe1000-b7fe2000 r-xp 00000000 00:00 0 [vdso] | |
b7fe2000-b7ffe000 r-xp 00000000 fe:00 403234 /lib/i386-linux-gnu/ld-2.13.so | |
b7ffe000-b7fff000 r--p 0001b000 fe:00 403234 /lib/i386-linux-gnu/ld-2.13.so | |
b7fff000-b8000000 rw-p 0001c000 fe:00 403234 /lib/i386-linux-gnu/ld-2.13.so | |
bffdf000-c0000000 rw-p 00000000 00:00 0 [stack] | |
*** glibc detected *** /levels/level10: double free or corruption (!prev): 0x0804a008 *** | |
======= Backtrace: ========= | |
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x70f01)[0xb7edff01] | |
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x72768)[0xb7ee1768] | |
/lib/i386-linux-gnu/i686/cmov/libc.so.6(cfree+0x6d)[0xb7ee48ad] | |
/lib/i386-linux-gnu/i686/cmov/libc.so.6(fclose+0x14a)[0xb7ed03ba] | |
/levels/level10[0x8048585] | |
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb7e85e46] | |
/levels/level10[0x8048441] | |
======= Memory map: ======== | |
08048000-08049000 r-xp 00000000 fe:00 268659 /levels/level10 | |
08049000-0804a000 rw-p 00000000 fe:00 268659 /levels/level10 | |
0804a000-0806b000 rw-p 00000000 00:00 0 [heap] | |
b7d00000-b7d21000 rw-p 00000000 00:00 0 | |
b7d21000-b7e00000 ---p 00000000 00:00 0 | |
b7e51000-b7e6d000 r-xp 00000000 fe:00 393223 /lib/i386-linux-gnu/libgcc_s.so.1 | |
b7e6d000-b7e6e000 rw-p 0001b000 fe:00 393223 /lib/i386-linux-gnu/libgcc_s.so.1 | |
b7e6e000-b7e6f000 rw-p 00000000 00:00 0 | |
b7e6f000-b7fcc000 r-xp 00000000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so | |
b7fcc000-b7fcd000 ---p 0015d000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so | |
b7fcd000-b7fcf000 r--p 0015d000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so | |
b7fcf000-b7fd0000 rw-p 0015f000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so | |
b7fd0000-b7fd3000 rw-p 00000000 00:00 0 | |
b7fdf000-b7fe1000 rw-p 00000000 00:00 0 | |
b7fe1000-b7fe2000 r-xp 00000000 00:00 0 [vdso] | |
b7fe2000-b7ffe000 r-xp 00000000 fe:00 403234 /lib/i386-linux-gnu/ld-2.13.so | |
b7ffe000-b7fff000 r--p 0001b000 fe:00 403234 /lib/i386-linux-gnu/ld-2.13.so | |
b7fff000-b8000000 rw-p 0001c000 fe:00 403234 /lib/i386-linux-gnu/ld-2.13.so | |
bffdf000-c0000000 rw-p 00000000 00:00 0 [stack] | |
1208263596 | |
level10@io:~$ whoami | |
level10 | |
level10@io:~$ /levels/level10 1208263596 | |
AverYloNgPassword!! | |
level10@io:~$ | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import subprocess | |
import sys | |
foo = "" | |
i = 1200000000 | |
while True: | |
i += 1 | |
try: | |
foo = subprocess.check_output(['/levels/level10', str(i)]) | |
except: | |
continue | |
else: | |
if "DENIED" not in foo: | |
print i | |
sys.exit() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
level10@io:~$ /levels/level10 'AverYloNgPassword!!'
sh-4.2$ whoami
sh-4.2$ cat ~level11/.pass
oYZ4UoMIao6oPNhHCo