Skip to main content

About

Another warm up level that covers writing arbitrary values to memory.

Vulnerability Type Format
Position Independent Executable No
Read only relocations No
Non-Executable stack Yes
Non-Executable heap Yes
Address Space Layout Randomisation Yes
Source Fortification No

Source code

(level11.c) download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
#include "../common/common.c"

int target;

void expand_the_input()
{
  char input[256];
  
  target = 0;
  memset(input, 0, sizeof(input));

  fgets(input, sizeof(input)-1, stdin);
  if(strlen(input) == 0) exit(0);

  printf(input);  

  if(target == 0x0ddba11) {
      printf("\n[ critical hit! :> ]\n");
      system("exec /bin/sh");
      exit(0);
  }
}

int main(int argc, char **argv, char **envp)
{
  int fd;
  char *p;

  background_process(NAME, UID, GID); 
  fd = serve_forever(PORT);
  set_io(fd);

  while(1) {
      printf("[ &target = 0x%08x, we want 0x0ddba11, currently is 0x%0x ]\n", &target, target);
      expand_the_input();
  }

}