🫁02-overwriting_stack_variables_part2
So let's run the binary and try to test out the overflow
let's unhex the output value to understand what happended
let's look at the source code to see what happened
we see that we have a 32 size buffer and the key value needs to be equal to 0xdeadbeef but there's no input way of changing this value except of overwriting this
So i tried overflowing the 32 size buffer with the value deadbeef but it only took the first 4 chars and reversed them
so we do the same thing but reverse the 2 dead to daed ->
ok now is going to be the tricky part, we are going to craft our payload and inject it in overwrite:
"\xef\xbe\xad\xde"
:
This is a string containing four specific byte values, represented in hexadecimal notation. Each
\xHH
sequence represents a single byte, whereHH
is the hexadecimal value of the byte.In this case,
"\xef\xbe\xad\xde"
represents the bytes with hexadecimal valuesEF
,BE
,AD
, andDE
.
The last four characters are non-printable and represent the bytes EF
, BE
, AD
, and DE
.
and since the string is reversed it overflows with deadbeef and validates the challenge
Now let's open up ghidra
We can start by changing some of the values to look more like what we had in our C program:
and just like that we see the comparaison that is being made, now let's hop on GDB
let's start with info functions
we then go and disassemble main:
We see do_input that seems interesting, let's disassmble it:
Last updated