As usual login to the server and cd into the levels directory.

Looking at the source code of leve02, we can see that we need to somehow make the program call the catcher() function in order to get the shell and thereby the password for the next level.

What you need to know is how the signal() function works( also SIGFPE). Google that and you should find out that the signal() function gets executed whenever an arithmetic error occurs.

Basic mathematics would tell us that an arithmetic error would occur if there was somewhere a division by 0. In the code, we can see that there is a division of argv[1] by argv[2].

But we cannot supply 0 as argv[2] since there is an if() statement which exits if the value of argv[2] is 0.

Looking at the man page of signal() carefully, we find that an arithmetic error occurs also if the most negative integer is divided by -1. Google the most negative integer (-2147483648) and supply that along with -1 as the command line arguments to level02 and we get the shell

cd into /home/level03 and get the password for the next level.

Level02 Alternate

Looking at the source code of level02_alt.c, we can see that the program takes in one command line argument and converts it to double using strtod(). It then assigns that value to a floating point variable a.

Google about comparing floating point numbers and you will find that converting a double to a float results in a slight difference between the numbers.

What I found out (painstakingly) was the no matter what number you give, it will either result in an output of too high or too low.

Now looking at the man page of strtod() we see that it takes in arguments which can be an infinite or NAN(not a number).

The value of infinity is very much higher than the value we want which is pi. Therefore trying out NAN as an argument gives you the shell.

cd into /home/level03 and get the password for the next level

#binary #smashthestack