Protostar Exploit Challenges Format0 Solution

Introduction Format0 is the introduction to the string exploitation levels. There isn’t much to it except a bit of minutia in the printf function. Exploitation We must complete this level in under 10 bytes of input, which means we can’t do our typical print 1 billion As deal. What we instead do is use the […]

Protostar Exploit Challenges Stack 7 Solution

Introduction This challenge is nearly identical to the last except that you must find a random ret to use and then jump to system. Exploitation Using the same tactics as before I determined the address of my environment variable was at 0xbffffe63. Now what we need is a gadget containing a RET. There are fancier, more sophisticated ways […]

Protostar Exploit Challenges Stack 6 Solution

Introduction This challenge introduces the return to libc. As far as the bug itself, it remains the same as previous stack challenges. The only difference is that the return address can’t be in the range of 0xbf000000 – i.e. the stack. Ret2LibC Fortunately, this restriction isn’t hard to bypass. You can return into any function […]

Protostar Exploit Challenges Stack5 Solution

Introduction There really isn’t anything to this one. It is exactly the same as the last challenge except you add your own shellcode. Generating Shellcode I just used Kali Linux to generate my shellcode. In this case it is a bind shell which listens on port 4444. To get to this just log in to […]

Protostar Exploit Challenges Stack4 Solution

Introduction This challenge is one step up from the others in that now we must use GDB. Alternatively, you could use some guess and check, but that would just make your life harder. Exploitation In this challenge you have to understand a bit about C. The function gets does no bounds checking of any sort […]

Protostar Exploitation Challenges Stack3 Solution

Introduction This level is about the same as the others. The only difference is that instead of overwriting a regular variable you overwrite a function pointer. When the pointer is called, the program must instead call your overwritten function pointer. Exploitation The hint tells you to use gdb or objdump. Using objdump you want to take […]

Protostar Exploit Exercises Stack 2 Solution

Introduction This exercise introduces environment variables and their utility for placing arbitrary values into memory. These values may later be retrieved and used for exploitation. Exploitation You must set the GREENIE environment variable; the code will then copy the contents of that environment variable and place it into the buffer buffer. Because the variable modified […]

Protostar Exploit Challenges Final 2 Solution

Introduction This tutorial covers the final2 program from the protostar exploit challenges. It is a remote heap overflow attack. Getting Familiar This program seemed a bit less familiar to me than previous challenges so I spent some time figuring out what was going on. I started with the get_requests function. The first thing I noticed […]

Protostar Exploit Challenges Final1 Solution

Introduction In this challenge we’re looking for a format string vulnerability. I’ll cover the vulnerability itself and how to exploit it. The Vulnerability Process of elimination is your friend here. The way I approached the problem was to look through the source code and determine which functions were vulnerable. A cursory glance at the program […]