Protostar – heap3

Information This level introduces the Doug Lea Malloc (dlmalloc) and how heap meta data can be modified to change program execution. This level is at /opt/protostar/bin/heap3 Source code Solution In this level, the goal is to overwrite the content of the GOT entry of printf() (in fact puts()) with the memory address of winner() The ...

Protostar – heap2

Information This level examines what can happen when heap pointers are stale. This level is completed when you see the “you have logged in already!” message This level is at /opt/protostar/bin/heap2 Source code Solution While reading the code, I was a little lost at the begining until I saw this : auth = malloc(sizeof(auth)); This ...

Protostar – heap1

Information This level takes a look at code flow hijacking in data overwrite cases. This level is at /opt/protostar/bin/heap1 Source code Solution In this level, the arguments sent to the program are not controlled by size. I can overflow the members ‘name’ of both structures internet ‘i1’ and ‘i2’. Let’s see the content of these ...

Protostar – heap0

Information This level introduces heap overflows and how they can influence code flow. This level is at /opt/protostar/bin/heap0 Source code Solution This level introduces heap overflow. In the code, ‘d’ is allocated in the heap before ‘f’. It means that if I can overflow ‘d’, it overwrites ‘f’. I need to find a vulnerability in ...