Мастерство приходит только с практикой.

level4 is an installation of Apache and PHP with an introduced heap vulnerability.

The introduced vulnerability is as follows:

Included file: blacksun4.function.c

Thanks to orix for the introduced code snippet

The document root is in /levels/level4/htdocs, you’ll need to put your php code there and call it via the webserver on port 55555.

Примечание: that if you’re executing a shell, it can’t be /bin/sh or /bin/bash, oh, and the apache process can’t access the /etc/pass directory :P

Binary information

Stack smashing protection (SSP): Enabled
Postition Independent Executable (PIE): Enabled
Address space layout randomisation (ASLR): Enabled
Non-executable pages: None / disabled
Included file: blacksun4.basic_functions.c