Another warm up level that covers writing arbitrary values to memory.
| Option | Setting |
|---|---|
| Vulnerability Type | Format |
| Position Independent Executable | No |
| Read only relocations | No |
| Non-Executable stack | Yes |
| Non-Executable heap | Yes |
| Address Space Layout Randomisation | Yes |
| Source Fortification | No |
#include "../common/common.c" int target; void expand_the_input() { char input[256]; target = 0; memset(input, 0, sizeof(input)); fgets(input, sizeof(input)-1, stdin); if(strlen(input) == 0) exit(0); printf(input); if(target == 0x0ddba11) { printf("\n[ critical hit! :> ]\n"); system("exec /bin/sh"); exit(0); } } int main(int argc, char **argv, char **envp) { int fd; char *p; background_process(NAME, UID, GID); fd = serve_forever(PORT); set_io(fd); while(1) { printf("[ &target = 0x%08x, we want 0x0ddba11, currently is 0x%0x ]\n", &target, target); expand_the_input(); } }