About Me
Avatar
Part time CTF Player learn every day!!
🌠 I Love Hoshimachi Suisei!! 🌠
🌠 I Love Hoshimachi Suisei!! 🌠

OverTheWire Maze Level 8 → 9 tutorial!!

overthewire maze pwn binary-exploitation linux beginner
Published on 26 Sep 2023

Login

You finish this level using the maze8 account (from the previous post). There’s no new binary to exploit.

ssh maze8@maze.labs.overthewire.org -p <PORT>
# password: jopieyahng

On the server you won’t find a /maze/maze9 binary. Level 9 is just the epilogue page.

Task

There isn’t an exploitable program for Level 9. The official page simply congratulates you for completing Maze.

A little bit of Theory

Nothing to reverse here — Level 9 serves as a wrap-up checkpoint. If you made it through Level 8 (format-string → GOT overwrite → shellcode), you’ve already covered the core ideas the series wanted to teach:

  • Classic overflows (stack, struct/offsets)
  • Env-backed shellcode & NOP sleds
  • Race conditions and ELF header games
  • Shared-memory / self-modifying code quirks
  • Format-string primitives (%x, %n, %hn) and GOT hijack

That’s basically the “swimming in memory” the epilogue hints at.

Solution

  1. Confirm completion Visit the official Level 9 page (link in the nav above). You’ll see the “Well done!” message — there’s no additional credential to fetch and no binary to run.

  2. Clean up (optional) Remove any temp files or symlinks you created during prior levels under /tmp, and unset your helper environment vars:

    unset SC

  3. Archive your notes & payloads Keep your one-liners, PoCs, and payload generators; they’re great references for future pwnables.

Troubleshooting quick tips

  • If you’re expecting a /maze/maze9 binary: there isn’t one. Level 8 was the last technical challenge.
  • If you kept background listeners or symlink spammers running from older levels, kill them to avoid noise while exploring other games.

Conclusion

That’s a wrap for Maze 🎉

You just practiced a compact tour of foundational pwn techniques: controlled reads/writes, shellcode staging, GOT/PLT hijacking, ELF trickery, and more. These skills transfer directly to a ton of CTFs and beginner/intermediate exploit labs.

Next adventures:

Thanks for reading!

Until next time — Otsumachi!! 💖☄️✨

Cinema

related posts

all tags

GOT-overwrite aboutme aead ai alphanumeric-shellcode apt argc0 argon2 aslr assembly asymmetric atoi automation backbox bandit base64 bash beginner behemoth binary binary-exploitation binary-to-ascii blackarch blind blind-sqli blogging blue-team bruteforce buffer-overflow buffer-overwrite c caesar canary capabilities checksec command-injection commonmark cookie cron crypto cryptography ctf cutter cyberchef cybersecurity defenders detection dev directory-traversal dnf docs drifter ecc education elf env envp exploitation finale forensics format-string formulaone frequency frequency-analysis gcc gdb getchar gfm ghidra github-pages governance gpg guide hashing hkdf http jekyll jmpbuf kali kasiski kdf kernel keylength kramdown krypton lab ld_preload leviathan lfi lfsr linux linux-syscall llmops log-poisoning ltrace manpage markdown maze memcpy mitigations mitmproxy mlops narnia natas networking newline-injection nonce nop-sled nx object-injection obsidian openssl osint overflow overthewire package-manager pacman parrot path path-hijacking pathname php pie pkc pki pointer-trick pqc priv-esc privilege-escalation provable-security pwn pwntools pyshark python race-condition radare2 rag randomness recon red-team redirect relro requests ret2env ret2libc reverse-engineering reversing ricing roadmap rop rot13 rsa scapy security seed seo serialization session setjmp-longjmp setuid shell shellcode smoke soc sockets sprintf sql-injection srop stack-canary stack-overflow strace strcmp strcpy streamcipher strings strncpy strtoul substitution suid suisei symlink symmetric terminal test threat-intel time-based tls troubleshooting tshark type-juggling ubuntu udp utumno vigenere virtualbox virtualization vmware vortex walkthrough web windows wireshark writing wsl x86
dash theme for Jekyll by bitbrain made with