PROTOSTAR WALKTHROUGH-Stack0

Prof.bubs
3 min read, Aug 16, 2021
source:hacksland.net

INSTALLATION:

Protostar is a VM built specifically to train and test our knowledge of binary exploitation. It is highly recommended to try these challenges, as they help us understand how the stack works and how a stack buffer overflow can be abused, for example to spawn a shell.

We can install protostarVM into our system from the following website:

https://www.vulnhub.com/entry/exploit-exercises-protostar-v2,32/.

Now that we have installed Protostar, we can log in using the default credentials: user:user for the normal user and root:godmode for the root user. My suggestion is to log in as root and get the VM's IP address using the command:

ifconfig

and then ssh in as user from your own terminal. Also, once logged in, spawn a bash shell with the bash command to make our job easier.

Now we are all set up and ready to go. All the questions for the challenges are given at the following website:

https://exploit.education/protostar/

/opt/protostar/bin/stack0

Alright, let's begin with our first challenge, stack 0.

https://exploit.education/protostar/stack-zero/

Let us first try and understand this code and draw a simple stack diagram for a better understanding of what to do :).

So it seems two variables, namely "modified" and "buffer", are created on the stack, and the program reads its input with the gets function. gets is a dangerous function that is easily abused for a stack buffer overflow, primarily because it does not check how much input it receives against the size of the destination buffer: it keeps writing until the end of the line, so a long enough input overwrites whatever sits beyond the buffer on the stack and can eventually crash the program. To learn more, read the gets man page on the Linux terminal (man gets).

Back to hacking :). First the modified integer variable is created, and then the 64-byte buffer, so the modified variable is pushed further down the stack. When we put all this on a stack diagram, it looks like this.

stack diagram

Let us ignore esp, ebp and ret/eip for some other day. We will also ignore my handwriting.

Our input is written starting at the buffer. All we have to do is overflow the buffer and we reach the space of the modified variable, which is exactly what the program asks for.

stack diagram

Once we reach the modified space, the program prints "you have changed the modified variable".

So our payload is going to be:

(python -c 'print "A"*65') | ./stack0

Our payload prints "A" 65 times, one byte more than the 64-byte buffer holds, so the input overflows the buffer and reaches the modified space.
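To see what the fix looks like, here is the stack0 layout (a 64-byte buffer next to an int) with the unbounded gets() replaced by a bounded fgets(). This is an added example, not the Protostar binary's own source; input is fed through a memory stream (fmemopen, assumed available as POSIX) so the check runs offline.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Same layout as stack0: a 64-byte buffer next to an int, but the line is
 * read with fgets(), which stops after sizeof buffer - 1 bytes. A line
 * longer than the buffer therefore cannot reach 'modified'.
 * Returns the value of 'modified' after the read, or -1 on EOF/error. */
int stack0_fixed(FILE *in)
{
    volatile int modified = 0;
    char buffer[64];

    if (fgets(buffer, sizeof buffer, in) == NULL)
        return -1;

    /* Over-long line: discard the rest so the next read starts on a
     * fresh line instead of on the leftover bytes. */
    if (strchr(buffer, '\n') == NULL) {
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;
    }
    return modified;
}

/* Helper (hypothetical): run the fixed read over a constructed input
 * string and report what 'modified' ended up as. */
int stack0_fixed_with_input(const char *input)
{
    FILE *in = fmemopen((void *)input, strlen(input), "r");
    if (in == NULL)
        return -2;
    int result = stack0_fixed(in);
    fclose(in);
    return result;
}

int main(void)
{
    /* constructed sample: the walkthrough's 65 x 'A' payload */
    char long_line[66];
    memset(long_line, 'A', 65);
    long_line[65] = '\0';
    printf("65 x 'A' with fgets(): modified = %d\n",
           stack0_fixed_with_input(long_line));
    return 0;
}
```

With the bounded read, the 65-byte payload that wins stack0 leaves modified at 0, which is the behaviour a reviewer should expect after replacing gets().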

That's the first of my Protostar challenges; the other seven will follow soon. Until then, take care, bye-bye :D.
