Solving abo #4
July 8, 2010
Let’s move forward, this time solving abo4.c. If you have no doubts about how to solve abo3, this one will be fairly easy.
First, let’s take a look at the code:
/* abo4.c
* specially crafted to feed your brain by gera@core-sdi.com */
/* After this one, the next is just an Eureka! away */
extern system,puts;
void (*fn)(char*)=(void(*)(char*))&system;
int main(int argv,char **argc) {
char *pbuf=malloc(strlen(argc[2])+1);
char buf[256];
fn=(void(*)(char*))&puts;
strcpy(buf,argc[1]);
strcpy(pbuf,argc[2]);
fn(argc[3]);
while(1);
}
Stack Warmup #5: Solution! – Part 2
May 26, 2010
Hello again. In the last post about abo #5 we talked about the leave and ret instructions and traced our goal path. Today, I’m gonna do my best to implement it and force the application to do what we want.
Stack Warmup #5: Solution! – Part 1
May 17, 2010
At the beginning I got the impression that abo #5 would be a piece of cake, so I sat on this for a couple of weeks, confident in my prediction.
Today I picked it up only to notice that I was WRONG! Abo #4 and Abo #5 are really difficult, and 5 “requires” 4’s solution. Today, I’m gonna solve Abo #5, well… I’ll try to give the basic ideas for my solution, and in part 2 I’ll complete the explanation.
/* stack5.c *
* specially crafted to feed your brain by gera */
int main() {
int cookie;
char buf[80];
printf("buf: %08x cookie: %08x\n", &buf, &cookie);
gets(buf);
if (cookie == 0x000a0d00)
printf("you lose!\n");
}
Where is the “you win!” string? It says you lose! There is no way to win!!!!! Wait, we are trying to be hackers, so we should think of a path to print you win!
Solution to stack4.c
April 19, 2010
Howdy, fellow aspiring exploit writers! Now we’re gonna have some fun with another ABO, stack4.c.
Just like the past ABOs we have been playing with, solving this one is no rocket science either. Nevertheless, it’s a little bit more tricky than the other ones we have defeated lately.
Defeating stack3.c
April 19, 2010
Alright folks, time to solve stack3.c, from the “Warming up” section of gera’s Insecure Programming series.
/* stack3-stdin.c *
* specially crafted to feed your brain by gera */
#include <stdio.h>
int main() {
int cookie;
char buf[80];
printf("buf: %08x cookie: %08x\n", &buf, &cookie);
gets(buf);
if (cookie == 0x01020005)
printf("you win!\n");
}
If you have read our explanation on solving stack1.c and stack2.c, this challenge will be a piece of cake.
Solving stack-2.c
April 12, 2010
Shooting down one more ABO, here we are to solve stack2.c, from the “Warming up” section of gera’s Insecure Programming series.
/* stack2-stdin.c *
* specially crafted to feed your brain by gera */
#include <stdio.h>
int main() {
int cookie;
char buf[80];
printf("buf: %08x cookie: %08x\n", &buf, &cookie);
gets(buf);
if (cookie == 0x01020305)
printf("you win!\n");
}
If you have paid attention to the solution we came up with for stack1.c, you will clearly see that stack2.c can be solved in the very same straightforward manner as in our last post.
Stack Warmup #2: Solution!
April 12, 2010
New week, and a new ABO to play with… This time, we are going to play with:
/* stack2.c *
* specially crafted to feed your brain by gera */
int main() {
int cookie;
char buf[80];
printf("buf: %08x cookie: %08x\n", &buf, &cookie);
gets(buf);
if (cookie == 0x01020305)
printf("you win!\n");
}
If you have solved the first abo, you should see that this one looks the same. Well, it looks the same, but now I’m gonna explain a little bit more and maybe give some hints to play with afterwards!
Solving the first ABO – stack1.c
April 9, 2010
Howdy! After setting up the environment I went on to solving the first ABO, stack1.c. First, I need to state this post is not intended to explain the basics of stack-based buffer overflows. There is vast literature all over the internet that certainly can explain the problem much better than I do.
So, if you’re looking for an introduction to buffer overflows, you may want to search Google for some good material on this topic.
Stack Warmup #1: Solution!
April 9, 2010
Hello again! A new week has started, so it’s time to solve an abo. Today I’m gonna solve the first abo posted by gera:
/* stack1.c *
* specially crafted to feed your brain by gera */
int main() {
int cookie;
char buf[80];
printf("buf: %08x cookie: %08x\n", &buf, &cookie);
gets(buf);
if (cookie == 0x41424344)
printf("you win!\n");
}
This is a classic Stack Buffer Overflow problem. I strongly recommend that you read the Wikipedia page. I read Chapter 2 of The Shellcoder’s Handbook (Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte). Now, I’m gonna try to give you my solution… Please, keep reading…