Follow us on twitter

Donate Bitcoins

Stack levels

Stack 0 Stack 1 Stack 2 Stack 3 Stack 4 Stack 5 Stack 6 Stack 7

Format string levels

Format 0 Format 1 Format 2 Format 3 Format 4

Heap levels

Heap 0 Heap 1 Heap 2 Heap 3

Network programming

Net 0 Net 1 Net 2 Net 3

Final levels

Final 0 Final 1 Final 2

Protostar stack6

About

Stack6 looks at what happens when you have restrictions on the return address.

This level can be done in a couple of ways, such as finding the duplicate of the payload ( objdump -s will help with this), or ret2libc , or even return orientated programming.

It is strongly suggested you experiment with multiple ways of getting your code to execute here.

This level is at /opt/protostar/bin/stack6

Source code

 1#include <stdlib.h>
 2#include <unistd.h>
 3#include <stdio.h>
 4#include <string.h>
 5
 6void getpath()
 7{
 8  char buffer[64];
 9  unsigned int ret;
10
11  printf("input path please: "); fflush(stdout);
12
13  gets(buffer);
14
15  ret = __builtin_return_address(0);
16
17  if((ret & 0xbf000000) == 0xbf000000) {
18    printf("bzzzt (%p)\n", ret);
19    _exit(1);
20  }
21
22  printf("got path %s\n", buffer);
23}
24
25int main(int argc, char **argv)
26{
27  getpath();
28
29
30
31}

Discussion