There is a race condition between access() and open(). To exploit it, we let access() be called on a “valid” file created by user level10; then, before the program advances to open(file), we delete the valid file and create a symbolic link to the file that access() would fail on. The time between access() and open() can be increased by starting the expected server late.
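The check-then-use pattern described above next to a hardened form, as an added example (not code from the competition or the original post). The function names and temporary paths are constructed for illustration, and the hardened version assumes a setuid program on Linux.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes O_NOFOLLOW, seteuid, mkstemp on glibc */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern from the text: the path is resolved twice (check, then use),
 * so it can name a different file by the time open() runs. */
int open_racy(const char *path) {
    if (access(path, R_OK) != 0) return -1;   /* check with the real uid */
    return open(path, O_RDONLY);              /* use with the effective uid */
}

/* Hardened form: no separate check. Open once with the caller's (real) uid,
 * refuse a symlink as the final component, and inspect the fd, not the path. */
int open_as_caller(const char *path) {
    uid_t saved = geteuid();
    struct stat st;
    if (seteuid(getuid()) != 0) return -1;    /* drop privilege for the open */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (seteuid(saved) != 0) { if (fd >= 0) close(fd); return -1; }
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Constructed self-check: bit 0 = regular file accepted, bit 1 = symlink refused. */
int demo(void) {
    char file[] = "/tmp/toctou_demo_XXXXXX", link[64];
    int result = 0, tmp = mkstemp(file), fd;
    if (tmp < 0) return -1;
    close(tmp);
    snprintf(link, sizeof link, "%s.lnk", file);
    if (symlink(file, link) != 0) { unlink(file); return -1; }
    if ((fd = open_as_caller(file)) >= 0) { result |= 1; close(fd); }
    if ((fd = open_as_caller(link)) < 0) result |= 2; else close(fd);
    unlink(link);
    unlink(file);
    return result;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

O_NOFOLLOW covers only the last path component; the privilege drop is what makes the kernel apply the caller's permissions at the single open().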
Team Awesome again took first place, this time in a competition that was less web-focused and more systems-oriented. Great fun was had in this week-long competition, which included challenges on privilege escalation, buffer overflows, and network attacks, as well as advanced challenges that apply obfuscation techniques and remain uncracked.
A big thanks goes out to ACM for hosting the competition and to http://exploit-exercises.com for providing 3 exploit-packed, level-based virtual machines!