[exploit-exercises] Nebula level 04 [미완성]

Nebula level04

---

About

This level requires you to read the token file, but the code restricts the files that can be read. Find a way to bypass it :)

To do this level, log in as the level04 account with the password level04 . Files for this level can be found in /home/flag04.

Source code

1#include <stdlib.h> 2#include <unistd.h> 3#include <string.h> 4#include <sys/types.h> 5#include <stdio.h> 6#include <fcntl.h> 7 8int main(int argc, char **argv, char **envp) 9{ 10 char buf[1024]; 11 int fd, rc; 12 13 if(argc == 1) { 14 printf("%s [file to read]\n", argv[0]); 15 exit(EXIT_FAILURE); 16 } 17 18 if(strstr(argv[1], "token") != NULL) { 19 printf("You may not access '%s'\n", argv[1]); 20 exit(EXIT_FAILURE); 21 } 22 23 fd = open(argv[1], O_RDONLY); 24 if(fd == -1) { 25 err(EXIT_FAILURE, "Unable to open %s", argv[1]); 26 } 27 28 rc = read(fd, buf, sizeof(buf)); 29 30 if(rc == -1) { 31 err(EXIT_FAILURE, "Unable to read fd %d", fd); 32 } 33 34 write(1, buf, rc); 35}

---