Protostar Exploit Exercises Stack 2 Solution

Introduction This exercise introduces environment variables and their utility for placing arbitrary values into memory. These values may later be retrieved and used for exploitation. Exploitation You must set the GREENIE environment variable; the code will then copy the contents of that environment variable and place it into the buffer buffer. Because the variable modified […]

Protostar Exploit Challenges Final 2 Solution

Introduction This tutorial covers the final2 program from the protostar exploit challenges. It is a remote heap overflow attack. Getting Familiar This program seemed a bit less familiar to me than previous challenges so I spent some time figuring out what was going on. I started with the get_requests function. The first thing I noticed […]

Protostar Exploit Challenges Final1 Solution

Introduction In this challenge we’re looking for a format string vulnerability. I’ll cover the vulnerability itself and how to exploit it. The Vulnerability Process of elimination is your friend here. The way I approached the problem was to look through the source code and determine which functions were vulnerable. A cursory glance at the program […]

Protostar Exploit Challenges Final0 Solution

Introduction This challenge builds on two of our previous challenges. We must send data over the network to perform a traditional stack overflow. Beginning I began by running the server in gdb with the command set follow-fork-mode child so that I could see what was going on in the forked process. I then ran the command: python […]

Protostar Exploit Challenges Net1 Solution

Introduction This challenge is simply an inverse of the first network challenge. The net1 program will send you a number in network byte order (big endian) and you must convert it to little endian and send it back. The Code In my case, the read function in C seems to take care of network byte […]

Protostar Exploit Challenges Net0 Solution

Introduction This is probably the simplest challenge so far. The program sends you a number and you have to convert that number to little endian. There’s really not much more to it than that. Checking Things Out I started by just using netcat to see what the output looked like: user@protostar:~$ nc 2999 Please […]

Protostar Exploit Challenges Heap3 Solution – Exploiting DLMalloc

Introduction This was easily the hardest challenge for me in the series so far. It took me quite a while with a lot of background reading to fully understand everything going on. I strongly encourage you to check the sources out and spend the time. My biggest piece of advice is when it comes to […]

Protostar Exploit Challenges Heap2 Solution

Introduction This scenario requires knowledge of heap allocations and a bit about the nature of the C language. Take your time to familiarize yourself with the code as it can be rather confusing if you are a newcomer. Specifically, take time to think about what is happening in memory during the allocations for auth->name, auth->auth, […]

Protostar Exploit Challenges Heap1 Solution

Introduction This challenge introduces the concept of control flow hijacking. It’s another heap-based buffer overflow. The overflow isn’t hard to find: just look at the only two strcpy calls and you’ll notice neither of them does any bounds checking. Finding the Exploit I wasn’t immediately sure what to do with this one so I […]