🔧 System Requirements:
- Operating System: x86-64 architecture
- Software: Virtualization Software, python3, pwntools, GDB, GEF, wget (or similar)
- To download RainFall.iso
wget https://cdn.intra.42.fr/isos/RainFall.iso
- Use a 64-bit virtual machine to run this iso.
- Configure
Host-only Adapter(or similar) to get the iso in local Network - SSH Port: 4242
ssh -p 4242 levelX@<ip>
Contrary to general practice in CTF challenges, a detailed walkthrough to solve the challenge in interactive mode is provided in each level directory. The Goal is simple :
- Get the levelX's password in the
.passfile is located in the home directory of each corresponding user. - Login to the next levelXX's account.
- To begin, the first user is
level0and its password islevel0 - After user
level9, there are four userbonus, frombonus0tobonus3 - The last user is
end.
level0@RainFall:~$ ./level0 $(exploit)
$ cat /home/user/level1/.pass
?????????????????????
$ exit
level0@RainFall:~$ su level1
Password:
level1@RainFall:~$ _- level0 : Reverse Engineering
- level1 : Stack Buffer Overflow - Victory Function
- level2 : Stack Buffer Overflow - Heap Exploit
- level3 : Format String
- level4 : Format String
- level5 : Format String - GOT rewrited
- level6 : Heap Buffer Overflow
- level7 : Heap Buffer Overflow - GOT rewrited
- level8 : Heap Exploit
- level9 : Heap Exploit
- bonus0 : Stack Buffer Overflow
- bonus1 : Stack Buffer Overflow - Int Overflow
- bonus2 : Stack Buffer Overflow - Environment Variable
- bonus3 : Reverse Engineering
The userX password is stocked in file
flagof user<X - 1>, if you want to connect directly to a user.