Another warm up level that covers writing arbitrary values to memory.
| Option | Setting |
|---|---|
| Vulnerability Type | Format |
| Position Independent Executable | No |
| Read only relocations | No |
| Non-Executable stack | Yes |
| Non-Executable heap | Yes |
| Address Space Layout Randomisation | Yes |
| Source Fortification | No |
#include "../common/common.c"
int target;
void expand_the_input()
{
char input[256];
target = 0;
memset(input, 0, sizeof(input));
fgets(input, sizeof(input)-1, stdin);
if(strlen(input) == 0) exit(0);
printf(input);
if(target == 0x0ddba11) {
printf("\n[ critical hit! :> ]\n");
system("exec /bin/sh");
exit(0);
}
}
int main(int argc, char **argv, char **envp)
{
int fd;
char *p;
background_process(NAME, UID, GID);
fd = serve_forever(PORT);
set_io(fd);
while(1) {
printf("[ &target = 0x%08x, we want 0x0ddba11, currently is 0x%0x ]\n", &target, target);
expand_the_input();
}
}