We should start here (because AFAIK the old webpage/address is dead):
As you can see, the challenge is pretty easy, so we can call it a 'warmup' ;)
After gdb-peda was installed on my VM I started gdb with stack0 binary:
Using pdisasm (from gdb-peda) you get a colored disassembly in gdb, like below:
As you can see we have a gets function here (you can read more about it in this nice book ;)), so it should be easy to understand that EAX above is the argument for our gets:
The next part should be quick & easy too (if you tried a few basic crackmes in the past). So I tried to see what arguments we will have for both CALL instructions:
Cool. We will set a breakpoint now:
Unfortunately the program will not need argv[1] ;P So:
Next:
Now we are comparing EAX, checking:
Cool. Overflowed. According to the source, we need a string longer than 64 chars to 'modify' the modified variable. Let's try:
Ok, should be good. Verifying:
Cool. Done. :]
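As an added illustration that is not part of the original post, here is the stack0 pattern the writeup exploits (a 64-byte buffer filled by gets() and followed by the 'modified' variable), kept in a comment next to a bounded replacement that cannot spill into the neighbouring variable; the function names and the fmemopen-based helper are my own.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* The pattern from the challenge (shown for comparison only, never called):
 *   volatile int modified = 0;
 *   char buffer[64];
 *   gets(buffer);      // no length limit: byte 65 onwards lands on 'modified'
 *   if (modified != 0) puts("you have changed the 'modified' variable");
 */

/* Bounded reader: stores at most cap-1 bytes plus NUL, strips the newline,
 * and drains the rest of an oversized line so nothing is written past buf.
 * Returns the number of bytes that were discarded (0 means the line fit). */
size_t read_line_bounded(char *buf, size_t cap, FILE *in) {
    size_t dropped = 0;
    if (cap == 0) return 0;
    if (fgets(buf, (int)cap, in) == NULL) { buf[0] = '\0'; return 0; }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') { buf[len - 1] = '\0'; return 0; }
    int c;                      /* line was longer than the buffer: drain it */
    while ((c = fgetc(in)) != EOF && c != '\n') dropped++;
    return dropped;
}

/* Hardened stack0 with the same stack layout. Returns 1 if 'modified'
 * changed, 0 otherwise; with the bounded read it stays 0 for any input. */
int stack0_hardened(FILE *in) {
    volatile int modified = 0;
    char buffer[64];
    size_t dropped = read_line_bounded(buffer, sizeof buffer, in);
    if (dropped) fprintf(stderr, "input truncated, %zu bytes dropped\n", dropped);
    return modified != 0;
}

/* Helpers that feed a constructed string instead of stdin (fmemopen is POSIX). */
int stack0_hardened_str(const char *input) {
    FILE *in = fmemopen((void *)input, strlen(input), "r");
    if (!in) return -1;
    int r = stack0_hardened(in);
    fclose(in);
    return r;
}

size_t dropped_for(const char *input, size_t cap) {
    char buf[64];                       /* cap must be <= sizeof buf */
    FILE *in = fmemopen((void *)input, strlen(input), "r");
    if (!in || cap > sizeof buf) return (size_t)-1;
    size_t d = read_line_bounded(buf, cap, in);
    fclose(in);
    return d;
}
```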
See you next time.
If you found any mistake/bug in the code/listings above, feel free to ping me.
Feedback/hint is always appreciated.
Cheers
...to be continued...