Protostar exploits are a cool bunch of ctf type exercises that focus on Linux binary exploits that progressively get harder. A ISO containing the OS and challenges can be downloaded.
The website with all information and downloads is at https://exploit-exercises.com/protostar/
user@protostar:~$ /opt/protostar/bin/format4 test test
Hint: objdump -TR is your friend
Need to redirect program execution flow.
Looks like we need the program to reach the hello() function.
If we are to use a format string exploit then we most likely need to exploit the printf() call in vuln() and somehow overwrite the return address on the stack after printf is called, such that it points to hello() instead of returning back to vuln().
Let’s find the memory location for the hello() function.
Again we will use objdump -t option. This command will print the the binary’s symbol table. The symbol we want is the reference to the ‘hello’…
View original post 746 more words