You can find Protostar here: Protostar
We have the source code of the binary:
We have a variable buffer, which is a 64-byte buffer, then we have getenv, which gets an environment variable.
An environment variable is used to pass information into processes.
The if statement says that if the environment variable == NULL, the program prints the error message.
Then we have the modified variable, set to 0.
Again we have the vulnerable strcpy, which doesn't do any length checking.
Then there is an if statement: if modified == 0x0d0a0d0a, we get the flag.
Let’s execute the binary.
We have to set the environment variable.
Perfect, now let's simply put our payload in the environment variable.
A * 64 + 0x0d0a0d0a in little endian
We can remove the variable now if we want.
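For comparison, here is the same logic with the unchecked strcpy replaced by a length-checked copy that rejects the 68-byte input described above. This is an added example, not the challenge's source; copy_checked, run_hardened, oversized_sample and the variable name EXAMPLE_VAR are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 64 /* same size as the buffer described on the page */

/* Hypothetical helper: copy src into dst only if it fits with its NUL. */
static int copy_checked(char *dst, size_t dst_len, const char *src)
{
    if (dst == NULL || src == NULL || dst_len == 0)
        return -1;
    const char *end = memchr(src, '\0', dst_len);
    if (end == NULL) {      /* no terminator within dst_len bytes: too long */
        dst[0] = '\0';
        return -1;          /* reject rather than silently truncate */
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Same logic as the challenge, with the bounded copy instead of strcpy.
 * Returns the final value of modified, or -1 if the input was rejected. */
static long run_hardened(const char *value)
{
    volatile int modified = 0;
    char buffer[BUF_LEN];
    if (copy_checked(buffer, sizeof buffer, value) != 0)
        return -1;
    return modified;
}

/* Constructed sample: the page's input, 64 'A' bytes then 0x0d0a0d0a
 * stored little endian (0a 0d 0a 0d). */
static const char *oversized_sample(void)
{
    static char s[BUF_LEN + 5];
    memset(s, 'A', BUF_LEN);
    memcpy(s + BUF_LEN, "\x0a\x0d\x0a\x0d", 5); /* 4 bytes + NUL */
    return s;
}

int main(void)
{
    const char *v = getenv("EXAMPLE_VAR"); /* placeholder name (assumption) */
    printf("env value: %ld\n", v ? run_hardened(v) : -2L);
    printf("page input: %ld\n", run_hardened(oversized_sample()));
    return 0;
}
```

With the bounded copy, the oversized value is refused before any byte reaches the stack, so modified can never leave 0.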