Follow us on twitter

Donate Bitcoins

Fusion

Level 00 Level 01 Level 02 Level 03 Level 04 Level 05 Level 06 Level 07 Level 08 Level 09 Level 10 Level 11 Level 12 Level 13 Level 14 Level 15 Level 16 Level 17 Level 18 Level 19 Level 20 Level 21 Level 22 Level 23 Level 24 Level 25 Level 26 Level 27 Level 28

Fusion level11

About

Another warm up level that covers writing arbitrary values to memory.

Vulnerability Type Format
Position Independent Executable No
Read only relocations No
Non-Executable stack Yes
Non-Executable heap Yes
Address Space Layout Randomisation Yes
Source Fortification No

Source code

 1#include "../common/common.c"
 2
 3int target;
 4
 5void expand_the_input()
 6{
 7  char input[256];
 8  
 9  target = 0;
10  memset(input, 0, sizeof(input));
11
12  fgets(input, sizeof(input)-1, stdin);
13  if(strlen(input) == 0) exit(0);
14
15  printf(input);  
16
17  if(target == 0x0ddba11) {
18    printf("\n[ critical hit! :> ]\n");
19    system("exec /bin/sh");
20    exit(0);
21  }
22}
23
24int main(int argc, char **argv, char **envp)
25{
26  int fd;
27  char *p;
28
29  background_process(NAME, UID, GID);  
30  fd = serve_forever(PORT);
31  set_io(fd);
32
33  while(1) {
34    printf("[ &target = 0x%08x, we want 0x0ddba11, currently is 0x%0x ]\n", &target, target);
35    expand_the_input();
36  }
37
38}

Discussion