Solving abo #4
July 8, 2010
Let’s move forward, this time solving abo4.c If you have no doubts on how to solve abo3, this one will be fairly easy.
First, let’s take a look at the code:
/* abo4.c
* specially crafted to feed your brain by gera@core-sdi.com *//* After this one, the next is just an Eureka! away */
extern system,puts;
void (*fn)(char*)=(void(*)(char*))&system;int main(int argv,char **argc) {
char *pbuf=malloc(strlen(argc[2])+1);
char buf[256];fn=(void(*)(char*))&puts;
strcpy(buf,argc[1]);
strcpy(pbuf,argc[2]);
fn(argc[3]);
while(1);
}
Solving abo #3
July 4, 2010
Hi everyone!
After a long time sitting on my ass and not solving any abo’s (kudos to Cesar for being more determined than me), here I am again with my solution to abo3.c.
Read the rest of this entry »
Abo #2: Solution!
June 25, 2010
Today, a new abo is ready to be solved!
/* abo2.c *
* specially crafted to feed your brain by gera */
/* This is a tricky example to make you think *
* and give you some help on the next one */
int main(int argv,char **argc) {
char buf[256];
strcpy(buf,argc[1]);
exit(1);
}
|
Also, gera has posted some things to consider:
In this new abo, as you can see, we added an
exit(). Go and find out what’s the difference, what new possibilities thisexit()adds, or what constrains it puts on the exploitation of the buffer overflow… good luck, take your time, and keep thinking until you are absolutly sure of what you think…
Problem’s solution after the break.
Abo #1: Solution!
June 23, 2010
All the warmup is done! It’s time to start fighting with real abos! The abo to solve is:
/* abo1.c *
* specially crafted to feed your brain by gera */
/* Dumb example to let you get introduced... */
int main(int argc,char **argv) {
char buf[256];
strcpy(buf,argv[1]);
}
|
Sooo… What should we do? Print again a you win message. It was a rought battle… I’m gonna tell you after the break.
