[Protostar] Heap2 About This level examines what can happen when heap pointers are stale. This level is completed when you see the “you have logged in already!” message This level is at /opt/protostar/bin/heap2 이 레벨은 힙 포인터가 오래되었을 때 발생할 수 있는 일을 조사하는 것으로 "you have logged in already!”"라는 메시지가 표시되면 이 레벨이 완료된 것입니다. #include #include #include #include #include struct auth { char name[32]; int auth; };..
[Protostart] Heap1About This level takes a look at code flow hijacking in data overwrite cases. This level is at /opt/protostar/bin/heap1#include #include #include #include #include struct internet { int priority; char *name; }; void winner() { printf("and we have a winner @ %d\n", time(NULL)); } int main(int argc, char **argv) { struct internet *i1, *i2, *i3; i1 = malloc(sizeof(struct internet)..
Protostar Heap0 About This level introduces heap overflows and how they can influence code flow. This level is at /opt/protostar/bin/heap0 #include #include #include #include #include struct data { char name[64]; }; struct fp { int (*fp)(); }; void winner() { printf("level passed\n"); } void nowinner() { printf("level has not been passed\n"); } int main(int argc, char **argv) { struct data *d; s..
[Protostar] Format4 About %p format4 looks at one method of redirecting execution in a process. Hints objdump -TR is your friend This level is at /opt/protostar/bin/format4 #include #include #include #include int target; void hello() { printf("code execution redirected! you win\n"); _exit(1); } void vuln() { char buffer[512]; fgets(buffer, sizeof(buffer), stdin); printf(buffer); exit(1); } int m..
[Protostar] Format3 About This level advances from format2 and shows how to write more than 1 or 2 bytes of memory to the process. This also teaches you to carefully control what data is being written to the process memory. This level is at /opt/protostar/bin/format3 #include #include #include #include int target; void printbuffer(char *string) { printf(string); } void vuln() { char buffer[512];..
[Protostar] Format2 About This level moves on from format1 and shows how specific values can be written in memory. This level is at /opt/protostar/bin/format2 #include #include #include #include int target; void vuln() { char buffer[512]; fgets(buffer, sizeof(buffer), stdin); printf(buffer); if(target == 64) { printf("you have modified the target :)\n"); } else { printf("target is %d :(\n", targ..
[Protostar] Format1 About This level shows how format strings can be used to modify arbitrary memory locations. Hints objdump -t is your friend, and your input string lies far up the stack :) This level is at /opt/protostar/bin/format1 #include #include #include #include int target; void vuln(char *string) { printf(string); if(target) { printf("you have modified the target :)\n"); } } int main(i..
[Protostar] Format0 About This level introduces format strings, and how attacker supplied format strings can modify the execution flow of programs. Hints This level should be done in less than 10 bytes of input. “Exploiting format string vulnerabilities” This level is at /opt/protostar/bin/format0 #include #include #include #include void vuln(char *string) { volatile int target; char buffer[64];..
