Jun 21, 2020

Protostar Stack1 Tutorial

In previous tutorial I completely explained how to exploit protostar stack 0 vulnerable program. In today tutorial we are going ahead and try a next level . In stack 1 level we have to modify a variable to per decided value. This one is so similar to stack zero level . But today you have to learn some new things like little endians notation etc. No buddy it is not something about little Indian people :-) . It's endian.

So let's go. Hear you can see the source code .

#include 
#include 
#include 
#include 

int main(int argc, char **argv)
{
    volatile int modified;
    char buffer[64];

    if(argc == 1) {
        errx(1, "please specify an argument\n");
    }

    modified = 0;
    strcpy(buffer, argv[1]);

    if(modified == 0x61626364) {
        printf("you have correctly got the variable to the right value\n");
    } else {
        printf("Try again, you got 0x%08x\n", modified);
    }
}

I'm not going to explain this code in deeply, because I cleared all things in previous tutorial.

Now give your focus to following lines of code.

if(modified == 0x61626364){
  printf("you have correctly got the variable to the right value\n");
}

It checks if variable is equal to 0x61626364 or not. What's 0x61626364? It is in the form of hex. If we get ASCII values, that will be abcd. So what we want to do is put abcd in to that variable. Yes we can use buffer overflow technique to do this task. In previous stack0 example we overwrote variable with a character A.

Now let's see if same method work for this level ? In first line you see stack0 level. In next line I have entered 65 A s but it seems we are not success. They say us to try again. :-( After that i have feed program 70 A s but no luck. As the next step i have over write variable with x61 x6 x63 x64 .That means variable should get abcd. But , look at the result. They said we overwrote dcba. But why??? This is because Little endian notation. I have published a complete tutorial about this concept. You may read it hear. Now I am going to try following payload.

$(python -c "print '\x41' * 64 + '\x64\x63\x62\x61'")

Yes we did it correctly. I hope you enjoyed the tutorial. See you again on protostar stack2.

Mar 08
How stack works in function call
How stack works in function call

The stack is an important concept in computer science. If you are planning to learn reverse....

read more
Mar 12
C programming file descriptors
C programming file descriptors

File access is an essential feature of any programming language. In C we can use two methods to....

read more
Jun 21
Protostar Stack1 Tutorial
Protostar Stack1 Tutorial

In previous tutorial I completely explained how to exploit protostar stack 0 vulnerable program. In....

read more
Replying to 's comment Cancel reply
ABOUT AUTHOR
Thilan Danushka Dissanayaka

Thilan Dissanayaka

Hi, I'm Thilan from Srilanka. An undergraduate Engineering student of University of Ruhuna. I love to explorer things about CS, Hacking, Reverse engineering etc.

CATEGORIES
SOCIAL
RANDOM ARTICLES
Array data structure
Array data structure
What are the most important directories in Linux
What are the most important directories in Linux
Best ethical hacking books for beginners
Best ethical hacking books for beginners
How stack works in function call
How stack works in function call
Complex number program in C++ using class
Complex number program in C++ using class
GDB reverse engineering tutorial
GDB reverse engineering tutorial