Differences between revisions 2 and 3
Revision 2 as of 2017-11-28 21:24:12
Size: 617
Editor: scot
Revision 3 as of 2017-11-28 21:35:19
Size: 692
Editor: scot
Line 5: Line 5:
To do this level, log in as the level01 account with the password level01. Files for this level can be found in /home/flag01. To do this level, log in as the level01 account with the password level01. Files for this level can be found in /home/flag01. To complete the level, execute getflag as the owner of the program below.
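Review bot: the sentence added at the end of line 5 tells the reader to execute getflag "as the owner of the program below", but it names neither the compiled binary nor the account that owns it. The preceding sentence already points to /home/flag01, so say which file there is the program and which account owns it, so the completion condition can be checked without guessing.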

Level01

There is a vulnerability in the program below that allows arbitrary programs to be executed. Can you find it?

To do this level, log in as the level01 account with the password level01. Files for this level can be found in /home/flag01. To complete the level, execute getflag as the owner of the program below.

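    #define _GNU_SOURCE   /* needed for the setresgid()/setresuid() declarations */
    #include <stdlib.h>
    #include <unistd.h>
    #include <string.h>
    #include <sys/types.h>
    #include <stdio.h>

    int main(int argc, char **argv, char **envp)
    {
      gid_t gid;
      uid_t uid;

      /* Read the effective group and user IDs the process is running with. */
      gid = getegid();
      uid = geteuid();

      /* Set the real, effective and saved IDs to those effective values. */
      setresgid(gid, gid, gid);
      setresuid(uid, uid, uid);

      /* Run the command through the shell. */
      system("/usr/bin/env echo and now what?");

      return 0;
    }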
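
The program above runs its command through system() and /usr/bin/env, so the shell and env inherit the caller's environment, and env finds echo by searching the inherited PATH. The following is an added example, not part of the original page or the level's source: it runs the page's command next to a hardened replacement under a constructed PATH. The function names and the /bin/echo location are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Exit status from a wait()-style value, or -1 if the child did not exit normally. */
static int exit_code(int status)
{
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Pattern from the page: sh and env inherit the caller's environment,
 * and env searches the inherited PATH to find "echo". */
int run_page_pattern(void)
{
    return exit_code(system("/usr/bin/env echo and now what?"));
}

/* Hardened form: absolute path, no shell, fixed environment.
 * /bin/echo is an assumed location for the echo binary. */
int run_hardened(void)
{
    char *const argv[] = { "echo", "and now what?", NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid;
    fflush(NULL);                 /* avoid duplicating buffered output in the child */
    pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        execve("/bin/echo", argv, envp);
        _exit(127);               /* only reached if execve failed */
    }
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    return exit_code(status);
}

int main(void)
{
    /* Constructed input: a PATH that points at a directory that does not exist. */
    setenv("PATH", "/nonexistent", 1);
    printf("page pattern exit: %d\n", run_page_pattern());
    printf("hardened exit:     %d\n", run_hardened());
    return 0;
}
```

With the constructed PATH the page's pattern fails because env cannot locate echo, while the hardened call is unaffected: the result of the original command depends on a value the caller supplies.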

NetworkSecurity/Nebula/Level01 (last edited 2017-11-28 21:41:28 by scot)