Stack Seven

Stack6 introduces return to .text to gain code execution.

The metasploit tool “msfelfscan” can make searching for suitable instructions very easy, otherwise looking through objdump output will suffice.

This level is at /opt/protostar/bin/stack7

Source code

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

char *getpath()
  char buffer[64];
  unsigned int ret;

  printf("input path please: "); fflush(stdout);


  ret = __builtin_return_address(0);

  if((ret & 0xb0000000) == 0xb0000000) {
      printf("bzzzt (%p)\n", ret);

  printf("got path %s\n", buffer);
  return strdup(buffer);

int main(int argc, char **argv)