Username: 
Password: 
Restrict session to IP 
Questions  |  score: 7  |  6.33 7.89 8.00 |  Solved By 156 People  |  50876 views  |  since Dec 24, 2011 - 21:15:51

Training: Warchall - 7 Tropical Fruits (Realistic, Linux, Shell, Exploit, Warchall)

This is level 7 on the warchall box.
You can find the vulnerable binary + sourcecode in /home/level/tropic/7.
You can also view the source here.
Your mission is to exploit it, circumvent the ASLR protection and read a file in the name of the executable.

Good Luck!
GeSHi`ed C code for tropic7.c
1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
18
19
2021
22
23
24
2526
27
28
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
 
void hint(){
        printf("Need to bypass aslr\n");
        exit(0);
}
void vulnfunc(char *input){
        char vulnbuf[300];
        memcpy(vulnbuf, input, strlen(input));
}
int main(int argc, char *argv[]){
        if(argc > 1)
        {
                vulnfunc(argv[1]);
        }        else
        {
                printf("%s <input>\n", argv[0]);
                return 1;
        }        return 0;
}
 
Your solution for Training: Warchall - 7 Tropical Fruits
Answer
© 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 and 2020 by tropic

The warchall project is hosted on vr.org, a cloud based hosting service.
The service and support is unique, and they just have added additional 20GB HDD space for us for free! Thank you very much vr.org!