Protostar Stack7 – Writeup

By Homeless | Linux, Writeups
January 19, 2018 0 Comments

This is the final step of stack exploit of Protostar. I have learn many knowledge about exploit environment from Protostar. Thanks you so much LiveOverflow, Carlo Pelliccioni,MeshX93 and mattandreko for nice guide. Ok. In this step. I use very simple method. Offset + return value + system + exit + shell. It need to play little more with shell memory address. There are a lot of methods to exploit this task.



Let’s check the offset length first,

ebp address is 0x08048550. Need to calculate to get the offset.

Offset length 80 and check again the unsigned int ret value; I use objdump tool

objudmp -d ./stack7

0x08048383 is ret int variable. Next find the memory address of system and exit to call.

After that we need to call /bin/sh shell from env to exploit.

Run it to get the address

So my final payload was below.

Try to exploit.

Yes notice the error, my memory address is little different and need to find /bin/sh address. Let’s play again!.



Bango! Got it. Thanks for reading. Happy Hacking.

Leave a Reply:

Your email address will not be published. Required fields are marked *