This time I decided to check out the format1 challenge from the Protostar CTF. Here we go...
We will start here:
Opening file in gdb:
Changing the way to run the file (cat not python ...):
Better. Go back to the console:
More calculations:
Good, rewrite time:
Cool. Now we need the hint mentioned in the description of the challenge - objdump.
The variable we need to overwrite is located in the BSS section:
So our target (from if(target)) is not initialized (yet). We will change it.
First of all, we know that the length is 133. Now we need the address of the target, and that's where objdump comes in. In the end we need to run ./format1 with our newly created payload:
Cool. :)
See you next time!
Cheers