Introduction
Protostar exploits are a cool bunch of CTF-style exercises that focus on Linux binary exploitation and get progressively harder. An ISO containing the OS and challenges can be downloaded.
The website with all information and downloads is at https://exploit-exercises.com/protostar/
Challenge
Test run
user@protostar:~$ /opt/protostar/bin/format4 test test
Exploit
Hint: objdump -TR is your friend
Need to redirect program execution flow.
Looks like we need the program to reach the hello() function.
If we are to use a format string exploit then we most likely need to exploit the printf() call in vuln() and somehow overwrite the return address on the stack after printf is called, such that it points to hello() instead of returning back to vuln().
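To make the root cause behind that printf() call concrete, here is an added example (not Protostar's source and not code from the original post) that puts the vulnerable pattern next to the hardened one. The function names render_unsafe, render_safe and has_directive are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: caller-supplied text is used AS the format string,
   so every % directive inside it is interpreted by the printf family. */
int render_unsafe(char *out, size_t n, const char *input) {
    return snprintf(out, n, input);
}

/* Hardened pattern: the format is a constant, the input is only data. */
int render_safe(char *out, size_t n, const char *input) {
    return snprintf(out, n, "%s", input);
}

/* Review/input check (hypothetical helper): returns 1 if the text contains
   a '%' that starts anything other than the literal "%%" escape. */
int has_directive(const char *s) {
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* "%%" is a literal percent sign, skip both */
            s++;
            continue;
        }
        return 1;            /* conversion directive or dangling '%' */
    }
    return 0;
}

int main(void) {
    const char *sample = "100%% done";   /* constructed input */
    char a[64], b[64];

    render_unsafe(a, sizeof a, sample);  /* "%%" is interpreted as a directive */
    render_safe(b, sizeof b, sample);    /* input is copied through unchanged */
    printf("unsafe: [%s]\nsafe:   [%s]\n", a, b);
    printf("flagged: %d\n", has_directive("%08x.%08x"));
    return 0;
}
```

Building with -Wformat -Wformat-security makes the compiler flag the call in render_unsafe, which is the quickest way to find this pattern in a code base.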
Let’s find the memory location for the hello() function.
Again we will use the objdump -t option. This command prints the binary’s symbol table. The symbol we want is the reference to the ‘hello’…