Stack Overflow

The goals of this assignment are to:

  1. Analyze the source code of a vulnerable program
  2. Exploit the program to capture a secret flag

Challenge Server

This assignment is hosted on the class challenge server. You will first need to request an account on the server by emailing an SSH public key to the professor. You will then receive information on accessing the server.

The server is provisioned with a basic set of tools, including pwntools and a system-wide pwndbg installation in /opt/pwndbg. To load pwndbg automatically in every gdb session, add the line source /opt/pwndbg/gdbinit.py to your $HOME/.gdbinit file. If there are other tools you would like installed system-wide, email the professor.

chall01

A variant of the stack overflow program analyzed in class is located in /home/chall01:

[root@svs ~]# ll /home/chall01/
total 40
-rwxr-sr-x. 1 root chall01 29952 Jan 23 18:12 chall01
-rw-r--r--. 1 root root      602 Jan 23 18:12 chall01.cpp
-r--r-----. 1 root chall01    34 Jan 22 21:56 flag

This program has NX enabled, but ASLR is disabled and it has not been compiled with stack protectors.

Use the techniques presented in class to execute a shell with the group privileges of chall01. With that shell, capture the contents of the flag.

Submission Instructions

Package your solution as a gzipped TAR archive. Include the source code for your attack as well as a README describing your solution, how to run it, and the contents of the flag.


© 2024 wkr