OverTheWire
We're hackers, and we are good-looking. We are the 1%.
Discuss this level on the forum

Level 2

Simple stack overflow, but with a side effect that affects debugging, and executing problems. Keep in mind that a straight execve() will not work, due to kernel issuing a breakpoint.

Code listing (level2.c)
 1 #include <stdlib.h>
 2 #include <unistd.h>
 3 #include <string.h>
 4 #include <sys/types.h>
 5 #include <sys/ptrace.h>
 6 #include <pwd.h>
 7 
 8 void wipearray(char **array)
 9 {
10     /*
11      * This should be pretty trivial without relying on stack
12      * values :)
13      */
14 
15     while(*array) {
16         memset(*array, 0, strlen(*array));
17         array++;
18     }
19 }
20 
21 void wipeenv(char **argv, char **envp)
22 {
23     wipearray(argv);
24     wipearray(envp);
25 }
26 
27 char* do_finger()
28 {
29     char buf[80], *p;
30     gets(buf);
31     p = buf;
32     while(*p) {
33         *p = toupper(*p);
34         p++;
35     }
36 
37     return strdup(p);
38 }
39 
40 int main(int argc, char **argv, char **envp)
41 {
42     /*
43      * This idea is taken from a question in #social one day about
44      * what to do if a process is being traced and you can't execve()
45      */
46 
47     if(ptrace(PTRACE_TRACEME) == -1) {
48         printf("request for tracing failed\n");
49         exit(EXIT_FAILURE);
50     }
51 
52     wipeenv(argv, envp);
53 
54     do_finger();
55 }