Simple Buffer Overflow


The form below calls a C program with a simple buffer overflow vulnerability. The "name" variable can overflow into the "cmd" variable.

Here's the source code:

Vulnerable Form

Try putting in a short name, and then make the name longer until you get unexpected results.

For a good time, try this string:

Your name:    

Challenge 1: Long List

Execute the "ls -l" command by entering a crafted name, so it shows file details, as shown below.


If spaces are annoying you, try this.

Challenge 2: Add Your Name to the Hall of Fame

Put your name in this file:

After one minute, your name will appear on the WINNERS page here:


Your injected code runs in a dash shell.

To write to a file named foo, execute:

echo "HELLO" > foo

Source code and explanation


I based this on the "pwn1" and "pwn2" challenges in the 2015 SCTF competition.

Posted 4-3-16 by Sam Bowne
Last modified 5-9-17