Follow us on twitter

Donate Bitcoins

Fusion

Level 00 Level 01 Level 02 Level 03 Level 04 Level 05 Level 06 Level 07 Level 08 Level 09 Level 10 Level 11 Level 12 Level 13 Level 14 Level 15 Level 16 Level 17 Level 18 Level 19 Level 20 Level 21 Level 22 Level 23 Level 24 Level 25 Level 26 Level 27 Level 28

Fusion level12

About

There is no description available for this level.
Vulnerability Type Stack
Position Independent Executable No
Read only relocations No
Non-Executable stack Yes
Non-Executable heap Yes
Address Space Layout Randomisation Yes
Source Fortification No

Source code

 1#include "../common/common.c"
 2
 3/*
 4 * The aim of this level is to redirect code execution by overwriting an entry
 5 * in the global offset table.
 6 */
 7
 8void callme()
 9{
10  printf("Hmmm, how did this happen?\n");
11  system("exec /bin/sh");
12}
13
14void echo(char *string)
15{
16  printf("You said, \"");
17  printf(string);
18  printf("\"\n");
19  fflush(stdout);
20}
21
22int main(int argc, char **argv, char **envp)
23{
24  int fd;
25  char *p;
26
27  background_process(NAME, UID, GID);  
28  fd = serve_forever(PORT);
29  set_io(fd);
30
31  printf("Basic echo server. Type 'quit' to exit\n");
32
33  while(1) {
34    char input[1024];
35    memset(input, 0, sizeof(input));
36
37    fgets(input, sizeof(input)-1, stdin);
38    if(strlen(input) == 0 || strncmp(input, "quit", 4) == 0) {
39      exit(0);
40    }    
41    
42    if((p = strchr(input, '\r')) != NULL) *p = 0;
43    if((p = strchr(input, '\n')) != NULL) *p = 0;
44
45    echo(input);
46  }
47}

Discussion