Back online

11 July 2017 Others 0
After two years, I’ve decided to put this website back online. I tried to restore the old posts even if they look ugly on this new website. I’m keeping them as they are anyway (lazy), but the new ones will look much better. I’ll continue to post writeups for VMs, and I also want to focus on ...

Protostar – final1

Information: This level is a remote blind format string level. The ‘already written’ bytes can be variable, and is based upon the length of the IP address and port number. When you are exploiting this and you don’t necessarily know your IP address and port number (proxy, NAT / DNAT, etc), you can determine that ...

Protostar – final0

Information: This level combines a stack overflow and network programming for a remote overflow. Hints: depending on where you are returning to, you may wish to use a toupper() proof shellcode. Core files will be in /tmp. This level is at /opt/protostar/bin/final0. Source code. Solution: This level introduces remote buffer overflow. The vulnerability is located ...

Protostar – net3

Information: This level tests the ability to understand code, and implement a simple network protocol. This level is at /opt/protostar/bin/net3. Source code. Solution: Again, it is a server waiting for a connection on port 2996. After the connection, it reads a value from the network and converts it to host byte order (big endian) ...

Protostar – net2

Information: This code tests the ability to add up 4 unsigned 32-bit integers. Hint: Keep in mind that it wraps. This level is at /opt/protostar/bin/net2. Source code. Solution: Again, a server is waiting on port 2997. It sends 4 integers in little endian format and waits in return for their sum in ...

Protostar – net1

Information: This level tests the ability to convert binary integers into ascii representation. This level is at /opt/protostar/bin/net1. Source code. Solution: This level is nearly the same as the previous one, except that the server sends the integer in little endian format, and it waits for its ASCII value. I use the following Python script: ...

Protostar – net0

Information: This level takes a look at converting strings to little endian integers. This level is at /opt/protostar/bin/net0. Source code. Solution: In this level, a server is waiting for a connection on port 29999. When connected, it generates an unsigned integer: wanted = random(); It sends it to the client: printf("Please send ...

Protostar – heap3

Information: This level introduces the Doug Lea Malloc (dlmalloc) and how heap meta data can be modified to change program execution. This level is at /opt/protostar/bin/heap3. Source code. Solution: In this level, the goal is to overwrite the content of the GOT entry of printf() (in fact puts()) with the memory address of winner(). The ...

Protostar – heap2

Information: This level examines what can happen when heap pointers are stale. This level is completed when you see the “you have logged in already!” message. This level is at /opt/protostar/bin/heap2. Source code. Solution: While reading the code, I was a little lost at the beginning until I saw this: auth = malloc(sizeof(auth)); This ...