IO SmashTheStack 1 Write up
- Jayakrishna Menon V
- Aug 13, 2015
First, log in to the server using ssh. Then cd into the /levels directory, where you will find all the questions. Our question is level01.
The first thing that one needs to do is to load it up in gdb. Now that it's done, I hoped to get something using the info variables command, but nothing happened.
Then I tried using ‘disas main’, which gave me the disassembly of the main function. This line caught my eye:
0x0804808f <+15>: cmp $0x10f,%eax
The word ‘cmp’ gave it away (cmp stands for compare which should obviously be used to check if the correct password has been entered).
The only thing left is to copy 0x10f and google for its decimal equivalent (or if you’re good at math you can probably do it yourself), which gives you the number 271.
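The same reading of the disassembly can be done mechanically. This is an added example, not part of the original write-up: it scans gdb's AT&T-syntax `disas` output for `cmp` instructions that compare against a constant and converts each immediate to decimal. In `SAMPLE`, only the last line comes from the write-up; the first two lines are constructed filler.

```python
import re

# One line of gdb "disas" output in AT&T syntax:
#   address <+offset>: cmp $immediate,destination
# An optional "=>" marks the current instruction when the program is running.
CMP_IMM = re.compile(
    r"^\s*(?:=>\s*)?(?P<addr>0x[0-9a-fA-F]+)\s+<\+(?P<off>\d+)>:\s+"
    r"cmp[bwlq]?\s+\$(?P<imm>-?0x[0-9a-fA-F]+)\s*,\s*(?P<dst>\S+)"
)


def cmp_immediates(disassembly):
    """Return (address, offset, immediate, destination) for each cmp against a constant.

    Register-to-register compares and all other instructions are skipped,
    because only an immediate operand reveals a value baked into the binary.
    """
    hits = []
    for line in disassembly.splitlines():
        m = CMP_IMM.match(line)
        if m:
            # int(..., 0) honours the 0x prefix, so "0x10f" becomes 271.
            hits.append((m["addr"], int(m["off"]), int(m["imm"], 0), m["dst"]))
    return hits


# First two lines are constructed; the third is the line quoted in the write-up.
SAMPLE = """\
   0x00001000 <+0>:  mov    $0x4,%eax
   0x00001005 <+5>:  cmp    %ebx,%eax
   0x0804808f <+15>: cmp $0x10f,%eax
"""

if __name__ == "__main__":
    for addr, off, value, dst in cmp_immediates(SAMPLE):
        print(f"{addr} <+{off}>: {dst} compared against {value} ({value:#x})")
```

Any value a program checks with a plain `cmp` against an immediate is readable by anyone who can disassemble the binary, which is why a hardcoded passcode offers no protection.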
Run the program again and you have the shell.
Now you can go into /home/level2 and type ‘cat .pass’ to get your password for the next level.
The password is 271.