I found out some information that had stumped me for a while. I thought that I had found a solution for narnia0, but it turns out that gdb can’t be used for priv esc, as least as far as root is concerned. I am getting a shell, but it’s as the same user I am. I think that since I’m running the program inside of gdb, it’s keeping the same user and spawning a shell that way. Oh well. I feel like I’ve learned a lot about gdb and now wish that I’d learned more assembly.
I’ve been playing with running the program and throwing random input values at it. I realized it changed which is what I’m needing to change.
Making progress. I got it to take the 0xdeadbeef value, but it’s not doing what I would expect again.