Introductory format string level that covers basic expansion.
| Option | Setting |
|---|---|
| Vulnerability Type | Format |
| Position Independent Executable | No |
| Read only relocations | No |
| Non-Executable stack | Yes |
| Non-Executable heap | Yes |
| Address Space Layout Randomisation | Yes |
| Source Fortification | No |
#include "../common/common.c"
void expand_the_input()
{
volatile int target;
char output[1024];
char input[12];
target = 0;
memset(input, 0, sizeof(input));
memset(output, 0, sizeof(output));
fgets(input, sizeof(input)-1, stdin);
if(strlen(input) == 0) exit(0);
sprintf(output, input);
if(target == 0xdea110c8) {
printf("\n[ critical hit! :> ]\n");
system("exec /bin/sh");
exit(0);
}
printf("\n[ target contains 0x%08x, wanted 0xdea110c8 ]\n", target);
exit(0);
}
int main(int argc, char **argv, char **envp)
{
int fd;
char *p;
background_process(NAME, UID, GID);
fd = serve_forever(PORT);
set_io(fd);
expand_the_input();
}