Someone could easily fix this by analyzing the current implementation of Facebook’s web chat, and updating the analyzeLoad() method accordingly.

It was just a proof-of-concept script for a presentation I had over an year ago, and before Facebook introduced HTTPS -which renders the script useless.

Just print ‘\x00′

Usually, I use the generic display driver -which seems to work fine.

I guess you want drivers which will let you use your graphic adapter’s hardware acceleration capabilities. Haven’t been there, haven’t done that, so Google is your friend.

In order to “pass” this challenge, you must make this piece of code print “you win!”. You can’t do that by simple overwriting the values of the variables on stack, like in a previous version of a similar challenge.

The way to do that is to overwrite the main()’s return address and point it to the piece of code that prints the message, so that when the main() attempts to “return” to the operating system, it will jump and execute that code instead. To do that, we don’t really care about the contents of the data on stack, and we can fill it with random data, until we reach the point where the return address is stored on the stack.

In my opinion, this is not the way to learn exploitation techniques. In order to do it properly, you should study the way the stack and the memory management works under GNU/Linux systems, how data is stored on a lower-level, have a solid understanding of assembly language.

Once you gain a solid understanding of the things mentioned above, you won’t have problems moving to other architectures. Well.. you will actually have problems, but other kind of problems.

Many thanks, have a great day.

Peter

to me, it seems as if you would be able to print the null byte with python using just python. how would you do this? my internet research has left me empty handed.

thanks..