Follow us on twitter

Donate Bitcoins

Fusion

Level 00 Level 01 Level 02 Level 03 Level 04 Level 05 Level 06 Level 07 Level 08 Level 09 Level 10 Level 11 Level 12 Level 13 Level 14 Level 15 Level 16 Level 17 Level 18 Level 19 Level 20 Level 21 Level 22 Level 23 Level 24 Level 25 Level 26 Level 27 Level 28

Fusion level10

About

Introductory format string level that covers basic expansion.

Vulnerability Type Format
Position Independent Executable No
Read only relocations No
Non-Executable stack Yes
Non-Executable heap Yes
Address Space Layout Randomisation Yes
Source Fortification No

Source code

 1#include "../common/common.c"
 2
 3void expand_the_input()
 4{
 5  volatile int target;
 6  char output[1024];
 7  char input[12];
 8  
 9  target = 0;
10  memset(input, 0, sizeof(input));
11  memset(output, 0, sizeof(output));
12
13  fgets(input, sizeof(input)-1, stdin);
14  if(strlen(input) == 0) exit(0);
15  
16  sprintf(output, input);
17
18  if(target == 0xdea110c8) {
19    printf("\n[ critical hit! :> ]\n");
20    system("exec /bin/sh");
21    exit(0);
22  }
23
24  printf("\n[ target contains 0x%08x, wanted 0xdea110c8 ]\n", target);
25  exit(0);
26
27}
28
29int main(int argc, char **argv, char **envp)
30{
31  int fd;
32  char *p;
33
34  background_process(NAME, UID, GID);  
35  fd = serve_forever(PORT);
36  set_io(fd);
37
38  expand_the_input();
39
40}

Discussion