Exploit Exercises - Protostar Stack 7

5 minute read Jan 9, 2012 Comments
Welcome everyone to 2012! I took a bit of a break during these holidays, and am just starting to get back going. This challenge was very interesting to me. I figured it would build off of the previous one. However, it was its own standalone challenge. We are given the following code to the stack7 executable: #include <stdlib.h> #include <unistd.h> #include <stdio.h> #include <string.h> char *getpath() { char buffer[64]; unsigned int ret; printf("input path please: "); fflush(stdout); gets(buffer); ret = __builtin_return_address(0); if((ret &amp; 0xb0000000) == 0xb0000000) { printf("bzzzt (%p)\n", ret); _exit(1); } printf("got path %s\n", buffer); return strdup(buffer); } int main(int argc, char **argv) { getpath(); } From tinkering with the stack7 executable, I knew I was going to do a stack overflow, and somehow needed to execute code from the stack.