Behemoth0 - behemoth1

From JaxHax

behemoth0 is a simple password authentication challenge: the program checks your input against a hardcoded password. It can be solved with ltrace alone. Because the comparison is made through a library call, the trace shows the call to strcmp() in which our value is compared to the value "eatmyshorts". Supplying that password drops you into a shell as behemoth1.


behemoth0@melinda:/games/behemoth$ ltrace ./behemoth0 
__libc_start_main(0x80485a2, 1, 0xffffd744, 0x8048690 <unfinished ...>
printf("Password: ")                                                                        = 10
__isoc99_scanf(0x804876c, 0xffffd65b, 0xffffd650, 0x80482d2Password: AAAAAA
)                                = 1
strlen("OK^GSYBEX^Y")                                                                       = 11
strcmp("AAAAAA", "eatmyshorts")                                                             = -1
puts("Access denied.."Access denied..
)                                                                     = 16
+++ exited (status 0) +++

behemoth0@melinda:/games/behemoth$ ./behemoth0            
Password: eatmyshorts
Access granted..
$ cat /etc/behemoth_pass/behemoth1
aesebootiv
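
An added example, not part of the original write-up: the strlen() argument in the trace ("OK^GSYBEX^Y") and the strcmp() argument ("eatmyshorts") have the same length and differ by one constant XOR byte, which suggests the password is stored obfuscated and decoded just before the comparison. The C below checks that relationship on the two strings copied from the trace; the function names are made up for this example, and the XOR relationship is inferred from the trace rather than stated by the challenge.

```c
#include <stdio.h>
#include <string.h>

/* Both strings are copied from the ltrace output above. */
static const char STORED[]   = "OK^GSYBEX^Y";   /* argument to strlen() */
static const char COMPARED[] = "eatmyshorts";   /* argument to strcmp() */

/* Return the single byte k with stored[i] ^ k == compared[i] for every i,
 * or -1 if the lengths differ or no single key fits all positions. */
int xor_key(const char *stored, const char *compared)
{
    size_t n = strlen(stored);
    if (n == 0 || n != strlen(compared))
        return -1;
    unsigned char k = (unsigned char)(stored[0] ^ compared[0]);
    for (size_t i = 1; i < n; i++)
        if ((unsigned char)(stored[i] ^ compared[i]) != k)
            return -1;
    return k;
}

/* XOR-decode `in` with key k into `out` (cap bytes, NUL included).
 * Returns the decoded length, or -1 if `out` is too small. */
int xor_decode(const char *in, unsigned char k, char *out, size_t cap)
{
    size_t n = strlen(in);
    if (n + 1 > cap)
        return -1;
    for (size_t i = 0; i < n; i++)
        out[i] = (char)(in[i] ^ k);
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char buf[32];
    int k = xor_key(STORED, COMPARED);
    if (k < 0 || xor_decode(STORED, (unsigned char)k, buf, sizeof buf) < 0) {
        puts("no single-byte XOR relationship");
        return 1;
    }
    /* Static obfuscation changes the bytes on disk, not what strcmp() sees. */
    printf("key = 0x%02x, decoded = %s\n", k, buf);
    return 0;
}
```

Whatever encoding is used at rest, the plaintext still has to reach strcmp(), so the check is only as private as the process is untraceable.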