Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
40 lines (27 sloc) 757 Bytes

Stack 0

https://exploit-exercises.com/protostar/stack0/

Goal

To override the modified variable.

Source Code

stack0.c

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>

int main(int argc, char **argv)
{
  volatile int modified;
  char buffer[64];

  modified = 0;
  gets(buffer);

  if(modified != 0) {
      printf("you have changed the 'modified' variable\n");
  } else {
      printf("Try again?\n");
  }
}

Exploit

gets is like raw_input in python. It retrieves user input and stores it in the array pointed to by buffer. However, gets doesn't perform any bounds checking, so entering 65 a's will actually overflow the buffer and store the final 'a' at the location of modified, thus modifying modified.