feat: app system challenges

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@dextradata.com>
2026-03-23 09:19:03 +01:00
parent de45645553
commit 5cd3b5a531
14 changed files with 715 additions and 0 deletions
--- a/app-system/elf-x86-format-string-bug-basic-2/artifacts/Makefile
+++ b/app-system/elf-x86-format-string-bug-basic-2/artifacts/Makefile
@@ -0,0 +1,28 @@
+CHALLENGE=ch14
+USER=app-systeme-$(CHALLENGE)
+USER_CRACKED=$(USER)-cracked
+
+CC=gcc
+CFLAGS=-m32 -no-pie
+LDFLAGS=-z noexecstack
+
+SRC=$(CHALLENGE).c
+OBJ=$(SRC:.c=.o)
+BIN=$(CHALLENGE)
+
+.DEFAULT_GOAL := challenge
+.PHONY : clean all
+
+$(BIN): $(OBJ)
+	@echo "Compiling..."
+	$(CC) -o $@ $(SRC) $(LDFLAGS) $(CFLAGS)
+
+challenge: $(BIN)
+	@echo "Applying permissions..."
+	rm -f $(OBJ)
+	chown $(USER_CRACKED):$(USER) $(BIN) .passwd Makefile $(SRC)
+	chmod 400 .passwd
+	chmod 440 $(SRC) Makefile
+	chmod 550 $(BIN)
+	chmod u+s $(BIN)
+
--- a/app-system/elf-x86-format-string-bug-basic-2/artifacts/ch14
+++ b/app-system/elf-x86-format-string-bug-basic-2/artifacts/ch14
--- a/app-system/elf-x86-format-string-bug-basic-2/artifacts/ch14.c
+++ b/app-system/elf-x86-format-string-bug-basic-2/artifacts/ch14.c
@@ -0,0 +1,37 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+int main( int argc, char ** argv )
+
+{
+
+	int var;
+	int check  = 0x04030201;
+
+	char fmt[128];
+
+	if (argc <2)
+		exit(0);
+
+	memset( fmt, 0, sizeof(fmt) );
+
+	printf( "check at 0x%x\n", &check );
+	printf( "argv[1] = [%s]\n", argv[1] );
+
+	snprintf( fmt, sizeof(fmt), argv[1] );
+
+	if ((check != 0x04030201) && (check != 0xdeadbeef))	
+		printf ("\nYou are on the right way !\n");
+
+	printf( "fmt=[%s]\n", fmt );
+	printf( "check=0x%x\n", check );
+
+	if (check==0xdeadbeef)
+   	{
+		printf("Yeah dude ! You win !\n");
+     		setreuid(geteuid(), geteuid());
+     		system("/bin/bash");
+   	}
+}