Description: In this challenge you will exploit a simple program for handling dates. Your goal is to get local root privileges.
You can download the source from:
http://juggl3r.at/index.php/downloads?download=28:challenge1-bof1
The source is a little bit ugly, but the challenge should be really fun (but easy).
You can send your working exploit to renefreing@yahoo.de until 02.10.2011
Have fun with this challenge!
Tags: Challenge, Bufferoverflow
Hi, I'm getting an error: sem182.h: no such file or directory
Oh, I'm sorry, will add this lib tonight! Forgot it....
So, added the library to the archive! Also added a "make install", but with "make all" the package will also be installed (so you only need the commands from the video). But here is a new download link for the file:
http://juggl3r.at/index.php/downloads?download=28:challenge1-bof1
Will also edit the link in the text under the video.
Have fun!
Thought about the Challenge and I decided that there will be a third winner: the guy who first sends me a working exploit bypassing ASLR too.
So far, nobody has sent me a solution, so there's no winner yet.
Hi
There is a problem with the semaphore management.
If the program crashes, the cleanup function is not able to free the memory and the program doesn't start.
./calserver: Verbose-Mode is activ
./calserver: Shared memory has been created, shmID: 2392065
./calserver: Shared memory has been hanged in
./calserver: The key for semaphore is already in use - File exists
./calserver: Function CleanUp() has been called
./calserver: All saved entrys are removed
./calserver: Shared memory has been hanged out
./calserver: Shared memory has been deleted
./calserver: Can't delete the semaphore
Yeah, that's part of the Challenge :) If the program terminates normally (for example signal KILL), the program will call the cleanUp function. If you crash the program, the program will not be able to call cleanUp...
Try to clean up by yourself. Use commands like ipcrm for removing, and ipcs to list the semaphores and get the IDs or keys.
For example:
sudo ipcrm -S 0x....
You can add a rule to the makefile called "fix" or something like that and automate the cleanup for the 3 semaphores. So you will only have to call "make fix".
The solution will be uploaded in a few days. I have already recorded it; so far, nobody has sent me a solution.
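The manual ipcs/ipcrm cleanup suggested in the comments above can be scripted, for instance as the body of the proposed "fix" make target. This is an added example, not code from the challenge archive or its author; the owner name, keys and semids are constructed placeholders (the page elides the real keys), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: plan removal of System V semaphores left behind after a crash.
# All keys, ids and user names below are constructed placeholders.

# plan_sem_cleanup OWNER KEY...
# Reads `ipcs -s` output on stdin and prints one "ipcrm -s <semid>" line for
# each semaphore array that belongs to OWNER and whose key is in KEY...
# Matching on both owner and key avoids touching other programs' semaphores.
plan_sem_cleanup() {
    owner=$1; shift
    awk -v owner="$owner" -v keys="$*" '
        BEGIN {
            n = split(keys, k, " ")
            for (i = 1; i <= n; i++) want[tolower(k[i])] = 1
        }
        # Data rows start with a hex key; banner and header lines do not.
        $1 ~ /^0x[0-9a-fA-F]+$/ && $3 == owner && (tolower($1) in want) {
            print "ipcrm -s " $2
        }'
}

# Live use: build the plan from the real table and execute it with tracing.
# Needs ownership of the arrays (or root), like the sudo call in the comment.
clean_sems() {
    ipcs -s | plan_sem_cleanup "$@" | sh -x
}

# Constructed sample of `ipcs -s` output (Linux util-linux layout).
SAMPLE_IPCS='
------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x00001111 98304      alice      600        1
0x00002222 98305      alice      600        1
0x00003333 98306      alice      600        1
0x00004444 98307      bob        600        1
0x00005555 98308      alice      600        1'

# Dry run on the sample: only the three listed keys owned by alice are selected.
printf '%s\n' "$SAMPLE_IPCS" |
    plan_sem_cleanup alice 0x00001111 0x00002222 0x00003333
```

Review the printed plan before calling clean_sems with the same arguments on a real system.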