Skip to main content
Settings
Search
Appearance
Theme Mode
About
Theme
Jekyll v3.10.0
Environment Production
Last Build
2026-05-22 22:41 UTC
Repository
bamr87/it-journey
Changelog Docs Jekyll
Current Environment Production
Build Time May 22, 22:41
Jekyll v3.10.0
Build env (JEKYLL_ENV) production
Quick Links
Page Location
Source Code
View on GitHub Edit in GitHub.dev
Configuration
Site Config _config.yml
Page Info
Layout default
Collection docs
Path _docs/wargames/overthewire/blacksun/blacksun4.md
URL /docs/wargames/blacksun/blacksun4/
Date 2026-04-07
Theme Skin
SVG Backgrounds
Layer Opacity
0.6
0.04
0.08

Blacksun4

By Amr

level4 is an installation of Apache and PHP with an introduced heap vulnerability.

Estimated reading time: 0 minutes

Edit on GitHub

Table of Contents

Source: This content is aggregated from overthewire (MIT). Visit the original repository for the latest version.

level4 is an installation of Apache and PHP with an introduced heap vulnerability.

The introduced vulnerability is as follows:

Thanks to orix for the introduced code snippet

The document root is in /levels/level4/htdocs, you’ll need to put your php code there and call it via the webserver on port 55555.

Note: that if you’re executing a shell, it can’t be /bin/sh or /bin/bash, oh, and the apache process can’t access the /etc/pass directory :P

Binary information

Stack smashing protection (SSP): Enabled
Postition Independent Executable (PIE): Enabled
Address space layout randomisation (ASLR): Enabled
Non-executable pages: None / disabled
Location: 127.0.0.1:55555