level0 done

.gitignore

@@ -0,0 +1,4 @@
+RainFall.iso
+rainfall*
+level*/level*
+passwd

level0/flag

@@ -0,0 +1 @@
+423

level0/source.c

@@ -0,0 +1,23 @@
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+int main(int ac, char **av)
+{
+	char *cmd;
+
+	int nb = atoi(av[1]);
+	if (nb == 423) {
+		cmd = strdup("/bin/sh");
+		gid_t gid = getegid();
+		uid_t uid = geteuid();
+		setresgid(gid, gid, gid);
+		setresuid(uid, uid, uid);
+		execv("/bin/sh", &cmd);
+	} else {
+		fwrite("No !\n", 1, 5, (FILE *)stderr);
+	}
+	return 0;
+}

level0/walkthrough

@@ -0,0 +1,3 @@
+# Level0
+
+Using ghidra, we can decompile the code and see that it executes `/bin/sh` as the user `level1` in case `atoi(av[1]) == 423`