Try the challenge thoroughly before reading the write-up. Otherwise, it's your loss.
We ssh to [email protected] and authenticate using the password we had obtained after solving the previous level.
Recap of previous level.
The recap of the previous level gives a different solution than mine. Do check it out too. In my solution, I was actually foolish not to notice that the password was present on the stack all this time.(not just the addresses near its address).
The story of this level tells us that the level is similar to level6, but with a minor change. We’ll just have to keep the STDIN alive. Let’s use the same exploit we used in the level6’s solution and see what happens. However this time around the address of spawn_shell() has changed it seems. Using that address in our exploit…
The program exits before we are given the chance to input any commands in the shell. So we’ll have to find a way to keep the STDIN active. How about using the cat - command?
And Voila! we have the password to the next level. I am not revealing the password here so that the readers try the challenge on their own.