There are different wargames hosted on http://smashthestack.org/, with IO being the most popular of them. The missions revolve around debugging and reversing binaries in order to exploit some software vulnerabilities and gain enough privileges to read the password for the next level.
To connect to the first level, you have to SSH to the box with the password of level1:
If you are new to these wargames, read the README file, which has some additional explanations. Levels for this game can be found in /levels and passwords are located in the level’s home directory, like /home/level2/.pass
So, when trying to run the level01 binary, we can see it’s looking for a passcode:
Let’s see what’s going on using GDB. This is the disassembly of the main() function for this program:
This line is interesting:
cmp $0x10f,%eax
So the program compares eax against a constant, and if the two are equal, the passcode we entered is the right one. Let’s check that constant:
This makes sense: 0x10f is the hex representation of 271 in decimal, and we know the program is looking for a 3-digit passcode. Let’s try it:
Ok, this was an easy level!
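The manual step above (spot a cmp against an immediate, then convert it to decimal) can be scripted when reviewing a binary for hard-coded check values. This is an added example, not code from the original post: the function name and the sample listing are assumptions, and the listing is constructed for illustration (only the cmp $0x10f,%eax line comes from the post).

```python
import re

# AT&T-syntax compare whose first operand is an immediate, e.g.
#   cmp $0x10f,%eax        cmpl $-1,0x8(%ebp)
CMP_IMM = re.compile(
    r"\bcmp[bwlq]?\s+\$(?P<imm>-?(?:0x[0-9a-fA-F]+|\d+))\s*,\s*(?P<dst>\S+)")
# Leading address as printed by gdb ("=> 0x... <+15>:") or objdump ("80480a0:").
ADDR = re.compile(r"^\s*(?:=>)?\s*(?:0x)?(?P<addr>[0-9a-fA-F]+)\s*(?:<[^>]*>)?:")


def parse_imm(text):
    """Convert a hex or decimal immediate (optionally negative) to an int."""
    return int(text, 16) if "0x" in text.lower() else int(text, 10)


def find_immediate_compares(disassembly):
    """Return one dict per `cmp $imm,dst` instruction found in the listing."""
    hits = []
    for line in disassembly.splitlines():
        m = CMP_IMM.search(line)
        if not m:
            continue  # mov/push/call immediates are not comparisons
        a = ADDR.match(line)
        value = parse_imm(m.group("imm"))
        hits.append({
            "addr": int(a.group("addr"), 16) if a else None,
            "dst": m.group("dst"),
            "hex": hex(value),
            "dec": value,
        })
    return hits


# Constructed listing (NOT the real level01 disassembly): addresses and symbols
# are made up; it mixes gdb-style and objdump-style lines on purpose.
SAMPLE = """\
   0x08048080 <+0>:     push   $0x8049128
   0x08048085 <+5>:     call   0x804810f <puts>
=> 0x0804808f <+15>:    cmp    $0x10f,%eax
   0x08048094 <+20>:    je     0x80480dc <ok>
 80480a0:       83 7d 08 ff             cmpl   $-1,0x8(%ebp)
"""

if __name__ == "__main__":
    for hit in find_immediate_compares(SAMPLE):
        print("{addr:#010x}  {dst:<12} {hex:>8} = {dec}".format(**hit))
```

Any value surfaced this way is readable by everyone who can read the binary, which is why a secret compared as an instruction immediate offers no protection.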