The last snippet of code in Gera’s “Warming Up on Stack” series that we have to exploit is this:
/* stack5.c *
* specially crafted to feed your brain by gera */
int main() {
int cookie;
char buf[80];
printf("buf: %08x cookie: %08x\n", &buf, &cookie);
gets(buf);
if (cookie == 0x000a0d00)
printf("you lose!\n");
}
Our task is to make this piece of code print “you win!” to the standard output.
Spoiler Alert: If you want to solve this exercise on your own, you should stop reading here.
Time to solve Gera’s 4th exercise on insecure code exploitation. Things get a bit more challenging here. I assume you solved or at least read the solutions for Stack #1, Stack #2 and Stack #3. So here’s the code we must exploit:
/* stack4.c *
* specially crafted to feed your brain by gera */
int main() {
int cookie;
char buf[80];
printf("buf: %08x cookie: %08x\n", &buf, &cookie);
gets(buf);
if (cookie == 0x000a0d00)
printf("you win!\n");
}
If you solved the previous excercises, you should know by now that we’re trying to make a “you win!” message appear on our screen.
Spoiler Alert: If you want to solve this exercise on your own, you should stop reading now.
This time Gera wants us to exploit this snippet of code:
/* stack3.c *
* specially crafted to feed your brain by gera */
int main() {
int cookie;
char buf[80];
printf("buf: %08x cookie: %08x\n", &buf, &cookie);
gets(buf);
if (cookie == 0x01020005)
printf("you win!\n");
}
As usual, our task is to make this code print “you win!”
Spoiler Alert: If you want to solve this exercise on your own, you should stop reading here.
This is the code for the Gera’s 2nd exerciseΒ on insecure code exploitation:
/* stack2.c *
* specially crafted to feed your brain by gera */
int main() {
int cookie;
char buf[80];
printf("buf: %08x cookie: %08x\n", &buf, &cookie);
gets(buf);
if (cookie == 0x01020305)
printf("you win!\n");
}
The goal is to make this snippet of code to print “you win!”.
Spoiler Alert: If you want to solve this exerciseΒ on your own, you should stop reading here.
The code for the Gera’s 1st exercise is this:
/* stack1.c *
* specially crafted to feed your brain by gera */
int main() {
int cookie;
char buf[80];
printf("buf: %08x cookie: %08x\n", &buf, &cookie);
gets(buf);
if (cookie == 0x41424344)
printf("you win!\n");
}
Our goal is to pass a string to the buffer which will make this snippet of code print “you win!”.
Spoiler Alert: Β Below is the solution to this exercise. If you want to solve it on your own, stop reading here.
I was browsing xorl’s blog these days and I stumbled upon a series of exercises on insecure code exploitation. They seemed fun, so I looked them up and started playing with them. You can find them all here.
You should disable some of your operating system’s protection mechanisms in order to exploit them. Of course some of them can be exploited while the protection mechanisms are enabled, but as you go on with the exercises, some of them will be really difficult (or impossible) to exploit, if you’re playing by the “rules”.
