Semtex Level 11

Deja vue

/rdx/vl1b is vortex semtex1 with a slight modification to make things a little bit harder.

Thanks to andrewg for inspiration.

Suggested reading

manpages: popen, dup2

semtex11.c

#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>


// code by andrewg, modified by aton

#define e(); if(((unsigned int)ptr & 0xff000000)==0xca000000) { setresuid(geteuid(), geteuid(), geteuid()); execlp("/bin/sh", "sh", "-i", NULL); }

void print(unsigned char *buf, int len)
{
        int i;

        printf("[ ");
        for(i=0; i < len; i++) printf("%x ", buf[i]);
        printf(" ]\n");
}

int main()
{
        unsigned char buf[512];
        unsigned char *ptr = buf + (sizeof(buf)/2);
        unsigned int x;

        while((x = getchar()) != EOF) {
                switch(x) {
                        case '\n': print(buf, sizeof(buf)); continue; break;
                        case '\\': ptr--; break;
                        default: e(); if(ptr > buf + sizeof(buf)) continue; ptr++; break;
                }
        }
        printf("All done\n");
}

Previous Next