Protostar Exploit Challenges Final0 Solution

Introduction: This challenge builds on two of our previous challenges. We must send data over the network to perform a traditional stack overflow. Beginning: I began by running the server in gdb with the command set follow-fork-mode child so that I could see what was going on in the forked process. I then ran the command: python […]

Protostar Exploit Challenges Net1 Solution

Introduction: This challenge is simply an inverse of the first network challenge. The net1 program will send you a number in network byte order (big endian) and you must convert it to little endian and send it back. The Code: In my case, the read function in C seems to take care of network byte […]

Protostar Exploit Challenges Net0 Solution

Introduction: This is probably the simplest challenge so far. The program sends you a number and you have to convert that number to little endian. There’s really not much more to it than that. Checking Things Out: I started by just using netcat to see what the output looked like: user@protostar:~$ nc 2999 Please […]

Protostar Exploit Challenges Heap3 Solution – Exploiting DLMalloc

Introduction: This was easily the hardest challenge for me in the series so far. It took me quite a while with a lot of background reading to fully understand everything going on. I strongly encourage you to check the sources out and spend the time. My biggest piece of advice is when it comes to […]

Protostar Exploit Challenges Heap2 Solution

Introduction: This scenario requires knowledge of heap allocations and a bit about the nature of the C language. Take your time to familiarize yourself with the code as it can be rather confusing if you are a newcomer. Specifically, take time to think about what is happening in memory during the allocations for auth->name, auth->auth, […]

Protostar Exploit Challenges Heap1 Solution

Introduction: This challenge introduces the concept of control flow hijacking. It’s another heap-based buffer overflow. The overflow isn’t hard to find, just look at the only two strcpy calls and you’ll notice neither of them does any bounds checking. Finding the Exploit: I wasn’t immediately sure what to do with this one so I […]

Protostar Exploit Challenges Heap0 Solution

Introduction: This challenge serves as the introduction to heap exploitation and as such isn’t too bad. In fact, we’ll exploit this in a manner very similar to a classic stack-based overflow. Set Up: For starters, I just examined the output of the program. Once I observed the information they gave me, the location of data […]

Protostar Exploit Format4 Challenge Solution

Introduction: For this challenge we will use a global offset table (GOT) overwrite. If you are unfamiliar with the mechanics of the GOT, check out this site. The exploitation phase will be very similar to format3. We will use the direct parameter access method to overwrite address space with our addresses of interest. We will […]

Protostar Exploit Challenges Format 3 Solution

Overview: There’s really not much to this one. It’s pretty much the same as format2 with the only difference being we’ll need to write multiple bytes. Finding Our String: I started in the same manner we have been for the last several challenges by printing off values from the stack. After printing those values, I […]