
Tuesday, February 19, 2013

Defeating Level01 on Smash The Stack Wargames

Defeating the first level on IO is really not difficult at all. I am going to show you how I did it the first time I even tried, MANY years ago. This is something that will hopefully help you move on to defeating other levels. This level isn't the only one that uses this technique, so pay attention.

We will be connecting to the wargame via PuTTY. When you visit the io wargame page it explains how to connect to the wargame (see below).
ssh level1@io.smashthestack.org
password: level1
The username is level1 and the password is level1. If you couldn't figure that out for yourself you should probably stop reading and start reading about SSH and connecting remotely to machines/servers/etc. For everyone else, let's continue.

Once logged in, navigate to the levels directory and list its contents; this will show all the levels.


So let's now give it a password, as an argument.


Fail, huh? Ok, let's open gdb and see what's inside this program. Type gdb ./level01 to launch gdb with level01 ready for debugging. The first thing you should do is disassemble main, since every C application has a main function.


This is the main function disassembled. We can see function names; let's focus on pass, which is one of the functions in this application. You can see all the functions in gdb by typing info fun and pressing enter; this will list all the other functions in the app.


Just like we disassembled main, type disas pass to disassemble the pass function. When we disassemble it we can see a bunch of addresses, so let's look and see what's stored at those addresses. You can read bytes, strings, etc. with gdb. Let's check one of the addresses (preferably near the top).


Typing x/s followed by the address will show us what's there. As you can see it's a string; just get all the letters, then go back and input the string you found. I would give it to you here, but then how would I know you actually tried to do it yourself?
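Here is an added example of mine (not from the post and not the IO level01 binary) that shows why the trick above works and how a program should be written so that it doesn't. A plaintext password compiled into a binary is just a string constant in the data section, so a printable-run scan like strings(1) or gdb's x/s recovers it. The constructed blob, the sample password, the salt and the function names below are all my own assumptions for the demo; the hardened version stores only a salted PBKDF2 digest and compares in constant time.

```python
import hashlib
import hmac
import re

# Constructed stand-in for a compiled binary: a few non-printable "code" bytes
# with a NUL-terminated string literal linked in, the way a C string constant
# would be. This is NOT the real level01 binary; it is built here for the demo.
def build_blob(secret: bytes) -> bytes:
    code = bytes([0x55, 0x89, 0xe5, 0x83, 0xec, 0x10, 0xe8, 0x00, 0x00, 0x00, 0x00, 0xc9, 0xc3])
    return code + b"\x00Password: \x00" + secret + b"\x00" + code


def find_strings(blob: bytes, min_len: int = 4) -> list:
    """Recover printable ASCII runs of at least min_len bytes, which is what
    strings(1) does and what x/s shows when pointed at a data address."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode() for m in re.finditer(pattern, blob)]


# Weak design: the literal itself is stored, so any string scan reveals it.
PLAINTEXT_SECRET = b"constructed-demo-pass"   # constructed sample, not the level's password


def check_plaintext(stored_secret: bytes, attempt: bytes) -> bool:
    return stored_secret == attempt


# Hardened design: store only a salted PBKDF2 digest. A scan of the binary then
# yields the digest, not the secret, and each guess costs ITER hash rounds.
SALT = b"constructed-fixed-salt"   # constructed; use a random per-build salt in practice
ITER = 100_000


def derive(secret: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, SALT, ITER)


def check_hashed(stored_digest: bytes, attempt: bytes) -> bool:
    # Constant-time compare so timing does not reveal how many bytes matched.
    return hmac.compare_digest(stored_digest, derive(attempt))


def demo() -> dict:
    weak_blob = build_blob(PLAINTEXT_SECRET)
    weak_strings = find_strings(weak_blob)

    stored = derive(PLAINTEXT_SECRET)
    hardened_blob = build_blob(stored.hex().encode())
    hardened_strings = find_strings(hardened_blob)

    return {
        "plaintext_leaked": PLAINTEXT_SECRET.decode() in weak_strings,
        "hardened_leaked": PLAINTEXT_SECRET.decode() in hardened_strings,
        "hashed_accepts_right": check_hashed(stored, PLAINTEXT_SECRET),
        "hashed_rejects_wrong": not check_hashed(stored, b"guess"),
        "weak_strings": weak_strings,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "=", v)
```

The scan of the weak blob returns both the "Password: " prompt and the secret itself, which is exactly what the x/s step in the walkthrough finds. With the digest stored instead, the scan shows only hex, and checking a candidate means paying the PBKDF2 cost per guess; that makes a guessable short password slower to recover, not impossible, so the secret still has to be long enough to resist offline guessing.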