Another month, another challenge, next part of OverTheWire's Narnia wargames. Unfortunately lack of time, made it impossible for me to publish anything sooner. Sorry for that!

Challenge

Firstly let's take a look at the code of the program.

The first thing that I see is that this program will check, whether or not the value of EGG variable is empty, if yes, it will print the message. But if not, it will try to execute it.

But what is enviromental variable?

Every time shell session is started, process is gathering information that should be available to the shell process and all child processes, putting them in special area called enviroment.

Enviromental variables provide a way to influence the behaviour of software on the system. For example, the "LANG" environment variable determines the language in which software programs communicate with the user. They are represented as an key-value pairs.

KEY=VALUE
KEY=VALUE1:VALUE2
KEY="VALUE WITH SPACES"


Now when we understand the topic, let's try to set EGG variable as some random text possibly causing the program to crash.

Yes! Now let's try and find some x86 shellcode that will be executed by the program. What I found working, was this shellcode, which was actually second one I've tried - the first one didn't want to cooperate ;)

We have the password to the next level!

Conclusion

It was another great challenge from OverTheWire. I'm looking forward to the next one, maybe something a little bit harder? We'll see!

Keep learning and stay safe! ~ W3ndige