I'm going through the various OverTheWire wargames and I have a question about narnia0. The code in C contains:

    if(val==0xdeadbeef)
        system("/bin/sh");
    else {
        printf("WAY OFF!!!!\n");
    }

I got it to work with the simple buffer overflow, but I wanted to try using gdb to find other ways to exploit it. I disassembled main, then set a breakpoint after cmpl and before jne. Then I changed the machine code from 0x75 to 0x74. When I continued, it ran

    system("/bin/sh");

but when I ran id I was still only in the narnia0 user group, whereas if I did the buffer overflow I was in the narnia1 group. Is it impossible to escalate privilege as gdb, and is there any work-around to escalate privilege in an environment where you can change the machine code/variables?

1 Answer

Looks like this is due to the program running under the currently logged in user's account (narnia0) when you run it with gdb vs. the program running under the narnia1 user account when the program is executed.

This can be investigated further by looking at the permissions on the program file. (Use 'ls -al' to check out the file's permissions.)

Look here for how the file permissions work: https://en.m.wikipedia.org/wiki/Setuid

SecretSasquatch
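An added example, not part of the answer above or of the wargame's source: a small C diagnostic that reads the setuid bit of a file, reads `TracerPid` from `/proc/self/status`, and predicts the effective UID after `execve`. It models only the rule in execve(2) that the set-user-ID bit is ignored when the calling process is being ptraced (it ignores `nosuid` mounts, `no_new_privs` and privileged tracers); the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if the mode carries the setuid bit on an executable file, else 0. */
int is_setuid_mode(mode_t mode) {
    return (mode & S_ISUID) && (mode & (S_IXUSR | S_IXGRP | S_IXOTH));
}

/* Extract TracerPid from the text of /proc/<pid>/status; -1 if absent.
 * 0 means "not traced"; a positive value is the PID of gdb/strace/etc. */
long tracer_pid_from_status(const char *status) {
    const char *p = strstr(status, "TracerPid:");
    long pid;
    if (!p || sscanf(p, "TracerPid: %ld", &pid) != 1)
        return -1;
    return pid;
}

/* Simplified model (assumption, see lead-in): the setuid bit takes effect
 * only when the process is not traced, or when the caller is already root. */
uid_t euid_after_exec(uid_t caller, uid_t owner, mode_t mode, long tracer) {
    if (!is_setuid_mode(mode))
        return caller;              /* plain binary: no change */
    if (tracer > 0 && caller != 0)
        return caller;              /* traced: kernel ignores the setuid bit */
    return owner;                   /* normal run: euid becomes the file owner */
}

int main(int argc, char **argv) {
    char buf[4096];
    struct stat st;
    long tracer = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (f) {
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        buf[n] = '\0';
        fclose(f);
        tracer = tracer_pid_from_status(buf);
    }
    printf("ruid=%d euid=%d TracerPid=%ld\n", (int)getuid(), (int)geteuid(), tracer);
    if (argc > 1 && stat(argv[1], &st) == 0)
        printf("%s: setuid=%d owner=%d predicted euid=%d\n", argv[1],
               is_setuid_mode(st.st_mode), (int)st.st_uid,
               (int)euid_after_exec(getuid(), st.st_uid, st.st_mode, tracer));
    return 0;
}
```

Running it once directly and once under gdb, with a setuid file as the argument, shows `TracerPid` change from 0 to the debugger's PID and the predicted euid fall back to the caller's own UID.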