You can find Protostar here: Protostar
We have the source code of the binary:
We have a variable called buffer that holds 64 bytes, then argc (the number of arguments passed; the program name counts as one of them).
Then we have the modified variable and, most importantly, the vulnerable strcpy call: strcpy does no length checking at all.
Finally there is an if statement: if modified == 0x61626364, we get the flag.
0x61626364 in ASCII is abcd.
Let’s run the binary.
Let’s now enter 65 bytes.
We got 0x00000041, and 0x41 is A, so the 65th byte overwrote modified.
Now we simply add abcd in little-endian byte order.
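As an added example (not the Protostar source and not the author's exploit), the layout described above modelled in C: an unchecked copy with strcpy semantics beside a bounds-checked version, run on the two inputs the writeup uses. The frame struct, the names vulnerable and hardened, and a little-endian host are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the stack1 frame described above (assumed: 64-byte buffer
 * directly followed by the int `modified`); not the Protostar source. */
struct frame {
    char buffer[64];
    uint32_t modified;
};

/* strcpy-style copy: stops only at the NUL, so a long argument runs over
 * `modified`. Bytes go through a pointer to the whole frame, and the copy
 * halts at the frame's end only to keep the model inside its own object. */
static uint32_t vulnerable(const char *arg)
{
    struct frame f = { {0}, 0 };
    unsigned char *dst = (unsigned char *)&f;
    for (size_t i = 0; i < sizeof f; i++) {
        dst[i] = (unsigned char)arg[i];
        if (arg[i] == '\0')
            break;
    }
    return f.modified;  /* little-endian host assumed, as in the writeup */
}

/* Hardened form: find the terminator inside the buffer first and refuse
 * anything longer (returns -1), so `modified` can never be reached. */
static long long hardened(const char *arg)
{
    struct frame f = { {0}, 0 };
    const char *end = memchr(arg, '\0', sizeof f.buffer);
    if (end == NULL)
        return -1;
    memcpy(f.buffer, arg, (size_t)(end - arg) + 1);
    return f.modified;
}

/* Constructed inputs from the writeup: 65 x 'A', and 64 x 'A' + "dcba". */
#define A8 "AAAAAAAA"
#define A64 A8 A8 A8 A8 A8 A8 A8 A8
static const char INPUT_65A[]  = A64 "A";
static const char INPUT_DCBA[] = A64 "dcba";
int main(void)
{
    printf("65 x A        -> modified = 0x%08x\n", (unsigned)vulnerable(INPUT_65A));
    printf("64 x A + dcba -> modified = 0x%08x\n", (unsigned)vulnerable(INPUT_DCBA));
    printf("hardened on the same input -> %lld\n", hardened(INPUT_DCBA));
    return 0;
}
```

The first run reproduces the 0x00000041 seen above, the second lands on 0x61626364, and the hardened copy rejects both overlong inputs instead of touching modified.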
Let’s write an exploit now with pwntools.
Let’s execute it.