Protostar Stack5

Here are the instructions for the challenge

About
Stack5 is a standard buffer overflow, this time introducing shellcode.

This level is at /opt/protostar/bin/stack5

Hints

At this point in time, it might be easier to use someone elses shellcode
If debugging the shellcode, use \xcc (int3) to stop the program executing and return to the debugger
remove the int3s once your shellcode is done.
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
  char buffer[64];

  gets(buffer);
}

Continue reading “Protostar Stack5”

Protostar Stack4

Here are the instructions for the challenge

About
Stack4 takes a look at overwriting saved EIP and standard buffer overflows.

This level is at /opt/protostar/bin/stack4

Hints

A variety of introductory papers into buffer overflows may help.
gdb lets you do “run < input”
EIP is not directly after the end of buffer, compiler padding can also increase the size.
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

void win()
{
  printf("code flow successfully changed\n");
}

int main(int argc, char **argv)
{
  char buffer[64];

  gets(buffer);
}

Continue reading "Protostar Stack4"

Protostar Stack0

I’m going to start the second challenge ISO from exploit-exercises.com. These challenges deal more with exploit development and reverse engineering.

Here are the instructions for the first challenge called Stack0

About
This level introduces the concept that memory can be accessed outside of its allocated region, how the stack variables are laid out, and that modifying outside of the allocated memory can modify program execution.

This level is at /opt/protostar/bin/stack0
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>

int main(int argc, char **argv)
{
  volatile int modified;
  char buffer[64];

  modified = 0;
  gets(buffer);

  if(modified != 0) {
      printf("you have changed the 'modified' variable\n");
  } else {
      printf("Try again?\n");
  }
}

Continue reading “Protostar Stack0”

x86 Stack Conventions

In an attempt to get a more solid understanding of assembly for reverse engineering and exploit development I started watching the OpenSecurity Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration training videos found here. Day 1 Part 1 had a great explanation of how programs interact with the stack when functions are called. I just wanted to write up a summary here to solidify my understanding and have an easy reference for later.
Continue reading “x86 Stack Conventions”