
It's finally time. I've always thought about translating this post but I finally get to do it now.


[What is Lord of the BOF?]

From a relatively easy environment, Red Hat 6.2, to the ultimate Fedora 14, you'll have to go through numerous levels and show off your BOF skills.


Solve the highest level and shoot me an email at chanbin.lee123@gmail.com with a writeup of the death_knight challenge - I'll send you the Fedora image file.


[How to]

Lord of the BOF is distributed as a VMware image, so you'll have your own environment to connect to and play in.


[Download]

1. Download the following VMware image and boot it up!

http://hackerschool.org/TheLordofBOF/TheLordOfTheBOF_redhat_bootable.zip

2. Log in with the credentials gate/gate

3. Set up your network settings through netconfig (netconfig has the setuid bit set on this system)

4. Check your IP (/sbin/ifconfig)

5. Use something like PuTTY or Xshell to connect (telnet) to the image and start hacking.


[Basic Rules]

1. No single boot

2. No root exploit

3. NOT allowed to use LD_PRELOAD on the /bin/my-pass command


[How to check your next level's password]

/bin/my-pass


[List of Levels]


LEVEL1 (gate -> gremlin) : simple bof

LEVEL2 (gremlin -> cobolt) : small buffer

LEVEL3 (cobolt -> goblin) : small buffer + stdin

LEVEL4 (goblin -> orc) : egghunter

LEVEL5 (orc -> wolfman) : egghunter + bufferhunter

LEVEL6 (wolfman -> darkelf) : check length of argv[1] + egghunter + bufferhunter

LEVEL7 (darkelf -> orge) : check argv[0]

LEVEL8 (orge -> troll) : check argc

LEVEL9 (troll -> vampire) : check 0xbfff

LEVEL10 (vampire -> skeleton) : argv hunter

LEVEL11 (skeleton -> golem) : stack destroyer

LEVEL12 (golem -> darkknight) : sfp

LEVEL13 (darkknight -> bugbear) : RTL1

LEVEL14 (bugbear -> giant) : RTL2, only execve

LEVEL15 (giant -> assassin) : no stack, no RTL

LEVEL16 (assassin -> zombie_assassin) : fake ebp

LEVEL17 (zombie_assassin -> succubus) : function calls

LEVEL18 (succubus -> nightmare) : plt

LEVEL19 (nightmare -> xavius) : fgets + destroyers

LEVEL20 (xavius -> death_knight) : remote BOF


