From 7a00213c96d3df47167fe004b9dc590bf86b3923 Mon Sep 17 00:00:00 2001
From: 0x35c
Date: Mon, 28 Apr 2025 14:53:40 +0200
Subject: [PATCH] level0 done
---
.gitignore | 4 ++++
level0/flag | 1 +
level0/source.c | 23 +++++++++++++++++++++++
level0/walkthrough | 3 +++
4 files changed, 31 insertions(+)
create mode 100644 .gitignore
create mode 100644 level0/flag
create mode 100644 level0/source.c
create mode 100644 level0/walkthrough
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..73a8d89
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+RainFall.iso
+rainfall*
+level*/level*
+passwd
diff --git a/level0/flag b/level0/flag
new file mode 100644
index 0000000..5721413
--- /dev/null
+++ b/level0/flag
@@ -0,0 +1 @@
+423
diff --git a/level0/source.c b/level0/source.c
new file mode 100644
index 0000000..a485a40
--- /dev/null
+++ b/level0/source.c
@@ -0,0 +1,23 @@
+#define _GNU_SOURCE
+#include
+#include
+#include
+#include
+
+int main(int ac, char **av)
+{
+ char *cmd;
+
+ int nb = atoi(av[1]);
+ if (nb == 423) {
+ cmd = strdup("/bin/sh");
+ gid_t gid = getegid();
+ uid_t uid = geteuid();
+ setresgid(gid, gid, gid);
+ setresuid(uid, uid, uid);
+ execv("/bin/sh", &cmd);
+ } else {
+ fwrite("No !\n", 1, 5, (FILE *)stderr);
+ }
+ return 0;
+}
diff --git a/level0/walkthrough b/level0/walkthrough
new file mode 100644
index 0000000..8a3d970
--- /dev/null
+++ b/level0/walkthrough
@@ -0,0 +1,3 @@
+# Level0
+
+Using ghidra, we can decompile the code and see that it executes `/bin/sh` as the user `level1` in case `atoi(av[1]) == 423`
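Review bot: In level0/source.c, `execv("/bin/sh", &cmd)` passes the address of a single `char *` as the argument vector, so the array has no terminating NULL and execv reads past `cmd`; `atoi(av[1])` above it also dereferences NULL when the program is started without an argument. I would guard with `if (ac < 2) return 1;` and build the vector as `char *args[] = { cmd, NULL };` before calling `execv("/bin/sh", args);`. The return values of `strdup`, `setresgid` and `setresuid` are also ignored, so a failed credential change would still reach the exec; checking them and exiting on failure closes that. If the file is meant only to mirror the decompiled binary, a comment at the top of `main` saying so and listing these deviations from safe usage would do instead.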