I started playing Wargames quite a while back, I eventually got bored but those times were fun.
I mainly played on SmashTheStack and Intruded’s Wargaming networks…
For those familiar with SmashTheStack, I’ve completed and written guides for the following:
- IO levels 0 to 19
- Blowfish levels 0 to 12
- Tux levels 0 to 9
I’ve also completed and written a guide for Intruded’s Narnia Wargame.
With that out of the way I present a question to you all:
What’s your favourite Wargaming level?
For me it has to be SmashTheStack’s IO Level 11, this was a level designed by a friend of mine who goes by the nickname of Bla…
The level required 2 Brainfuck source files which had to have the same MD5 hash value but output different strings… I found this level creative and challenging, I can also say it did become slightly frustrating at times…
I learned quite a bit in the process of solving it. Whilst there are quite a few creative Wargames around, none has given me the same experience this one did.
I look forward to reading about your experiences and opinions on this subject.
You can find SmashTheStack’s and Intruded’s Wargaming networks here:
http://www.SmashTheStack.org
http://www.Intruded.net
KOrUPt.
Tags: Favourite, Intruded, Level, SmashTheStack, Wargames, Wargaming
The only game I ever “played” was +Mallatia’s. Though I’m not a keygenner even the math-based riddles kept me awake for hours. The riddles are very good, not just the simpler tricks you can find on other pages. This time, you really have to think about what you’re supposed to do.
I did not solve that many riddles, but the riddles I encountered were just awesome. Maybe I should search my old login…
I have played wargames at quite a few places but if you’re learning OS exploitation, STS is the best place to be at. I have completed quite a few levels on blowfish, apfel, io, blackbox, tux and in turn learned a lot. I am not sure of how many levels I completed though, I know I completed blowfish
I stopped playing the wargame when I was stuck at IO Level 11, a few years ago. I haven’t got as much time after that…
nice!!
u just took some words of my mouth, “none has given me the same experience this one did”, but this one was level9 and it’s a quite good site 4 learning some good stuff
Metr0: After running a few quick Google searches I can’t find any references to “Mallatia’s”, I’m not quite sure what it is but it sounds interesting, perhaps you can provide a link?
WebDevil: IO Level 11 really is one of the levels that require considerable time and commitment to complete… I ended up coding 2 utilities to speed up certain parts of the completion process (I’m trying to keep spoilers to a minimum here).
Shinku: IO level 9 isn’t that hard, just wait until you progress and gain some experience, I’m sure you’ll edit that comment. Some of the STS Tux levels take format specifier vulnerabilities and blow them way out of proportion, as you’ll find out if you complete Blowfish…
KOrUPt.
I solved all intruded.net and STS wargames (except Apple which I got tired of).
There are interesting wargames at pulltheplug.org too (called http://www.overthewire.org now).
I solved Vortex there, but gave up at some Drifter level. When I have some time I will probably continue.
What do you mean with “wrote guides”? I encourage giving helpful hints, but I hope it’s not a script-kiddie style step-by-step explanation on how to solve a level.
Regarding my favorite level: yeah bla’s md5 brainfuck is quite nice and educative.
But it depends on the preferences.
I generally classify hard shellgame levels into PITA ones and tricky ones. That level11 is some sort of 50/50. It’s fun because it’s something new that requires out-of-the-box thinking. The other creative levels on IO are less PITA tho. That means after you get the trick it’s a matter of minutes to exploit it. The PITA levels usually involve a lot of additional work to get around an obstacle, but the downside is that you usually _know_ what has to be done. Such levels are RE levels, keygen stuff or hard to exploit bugs. Tux is a bit more in that way, but still not very problematic. Some vortex levels and blackbox 8 are fun, but after I solved them, I was all like oh god, please don’t give me another level like that (or it will again take me some hours of work to solve it).
I really enjoyed manpage.intruded.net since it gives you an overview of less known function behaviour.
It’s really tricky: you usually get the source and everything and still don’t see what might break.
After some hours of googling and reading the manual, you’re all like oh, never thought this tiny issue has such a great security impact. So in some sense it sharpens your security-audit eye. Of course after you see the same type of problem somewhere else you immediately know what it is or how to exploit it (so it can also get boring if you see the same stuff elsewhere).
It depends on what type of person you are. If you are a hardcore assembler coder and enjoy reverse engineering you will prefer PITA levels, if you enjoy doing security audits in higher level code and are lazy (like me) you are more suited for tricky levels.
Damnit, I already googled the link and initially wanted to post it here… got no clue why I actually did not. o0
Anyway, here you go: 3564020356.org.
Metr0: No wonder I didn’t find the link… Lmao.
Fiction: Thanks for taking the time to write such a long response, I appreciate it. I’ve written guides but I haven’t released them publicly as of yet… If however someone would like a copy and can prove they’ve completed the game in question I’ll forward them a copy, as it’s nice to see how others went about solving a task :p.
Keep the comments coming.
KOrUPt.
I think my favorite wargaming level is probably SmashTheStack’s IO level 19.
I breezed through the normal levels, and once I hit level11 I largely was in over my head. I needed help on about 5 or 6 of the levels leading up to 19, and felt like maybe I hadn’t truly earned where I got to. I had learned everything that I was supposed to learn, and only got hints, but still felt like perhaps I’d cheated myself out of some of the challenge.
I was determined to finish level19 with no help. I figured out the initial trick to it very quickly, but didn’t fully understand how the program needed to be exploited. I understood the protection mechanism in place, but was attempting to exploit it in a far more traditional way. (Sorry that this isn’t terribly descriptive, I don’t want to give spoilers) I think my alternate method could have worked, but considering the operations performed on the memory, it would have been painful to do.
Eventually, I broke down, and showed someone what I was trying to do. They laughed, and more or less told me “You’re doing it wrong.” So I went back to the drawing board, and suddenly it hit me just how I could exploit the program reliably. Of course, there was still one more issue to take care of, but that one was solved in short order and I was on my way to level 20.
SmashTheStack’s IO Level 19 has eluded me for a while now… It’s worth pointing out that this level is also created by Bla, so there’s no wonder that it’s complicated…
I know the basic idea behind beating it but I’ve yet to actually complete it, thanks to the memory manipulations and such that take place :p…
The point of these games is to learn, not to bang your head off of a wall multiple times in frustration, so I wouldn’t call asking for tips cheating, “being resourceful” sounds more fitting.
If you were working on a real world situation and got stuck I’m sure you’d ask a friend for help, that isn’t cheating in my opinion.
Again, thanks for all the comments. Keep them coming.
KOrUPt.
It’s worth noting that bla’s levels usually have an educative background beside being fun. For instance level11 is to show how a theoretical MD5 weakness could be used practically (beside learning brainfuck). Level19 is about how stack canaries are not necessarily a sufficient protection for buffer overflow attacks.
Manpage level7 is fun:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <dirent.h>
#include <sys/types.h>

void usage(char *n)
{
    printf("Usage: %.2048s -f \n", n);
}

void listfiles(char *dir)
{
    DIR *dirp;
    struct dirent *ret;
    struct dirent entry;

    dirp = opendir(dir);
    if(dirp == NULL){
        printf("Failed to open dir: %s\n",dir);
        return;
    }
    while( (ret = readdir(dirp)) != NULL)
    {
        printf("> %s\n",ret->d_name);
    }
    closedir(dirp);
}

void process(char *name)
{
    int ret, i;
    int fd;
    char buf[4096];
    char *ptr;

    for(i = 0; i 0 ){
        write(1, &buf, ret);
    }
    close(fd);
}

main(int argc, char *argv[])
{
    int c;
    int err = 1;

    if(argc == 1){
        usage(argv[0]);
        exit(-3);
    }
    while((c = getopt(argc, argv, "hf:l:")) != -1)
        switch (c)
        {
        case 'h':
            usage(argv[0]);
            exit(0);
        case 'l':
            listfiles(optarg);
            break;
        case 'f':
            process(optarg);
            err = 0;
            break;
        case ':':
            fprintf(stderr, "Option -c% requires an operand\n",optopt);
            exit(-1);
            break;
        case '?':
            fprintf(stderr, "Unrecognized option: -%c\n", optopt);
            usage(argv[0]);
            exit(-2);
            break;
        }
    if(err){
        usage(argv[0]);
        exit(-4);
    }
}
Oh btw s/apple/apfel/ in some older post
this might sound noobish, but where can I get your STS guide? I’m still stuck at blowfish. I tried googling, but I still can’t find the guide.
They’re currently private at the time of writing, I wouldn’t want to ruin the games now would I…
What level are you stuck on? Please specify what you’ve tried so far, try and refrain from posting spoilers if possible.
I’ll give you some hints.
KOrUPt.
hello. I’m totally stuck on io.smashthestack.org’s level11. how to bypass md5 hash code? I can’t make that
could u give me some advice?
likewise, any pointers or just tough luck?