Security - Pentest - Part IV - Break the Box Override

This virtual machine is provided by school 42 to improve security skills.

🔧 System Requirements:

• Operating System: x86-64 architecture
• Software: Virtualization Software, python3, pwntools, GDB, GEF, wget (or similar)

Usage

• To download RainFall.iso

  wget https://cdn.intra.42.fr/isos/OverRide.iso

• Use a 64-bit virtual machine to run this iso.
• Configure Host-only Adapter (or similar) to get the iso in local Network
• SSH Port: 4242

  ssh -p 4242 level0X@<ip>

Overview

Contrary to general practice in CTF challenges, a detailed walkthrough to solve the challenge in interactive mode is provided in each level directory. The Goal is simple :

• Get the level0X's password in the .pass file is located in the home directory of each corresponding user.
• Login to the next level0X's account.
• To begin, the first user is level00 and its password is level00
• The last user is end.

level00@RainFall:~$ ./level00 $(exploit)
$ cat /home/user/level01/.pass
?????????????????????
$ exit
level0@RainFall:~$ su level01
Password:
level01@RainFall:~$ _

Summary

• level00 : Reverse Engineering
• level01 : Stack Buffer Overflow
• level02 : Format string
• level03 : Reverse Engineering
• level04 : Format String - Ret2libc
• level05 : Format String - GOT rewrited
• level06 : Reverse Engineering
• level07 : Stack Buffer Overflow - Int Overflow - Ret2libc
• level08 : Reverse Engineering
• level09 : Stack Buffer Overflow

The userX password is stocked in file flag of user<X - 1>, if you want to connect directly to a user.