Simple Buffer Overflow
Explanation
The form below calls a C program with a simple buffer overflow
vulnerability. The "name" variable can overflow into the
"cmd" variable.
Here's the source code:
Vulnerable Form
Try putting in a short name, and then make the name longer until you get
unexpected results.
For a good time, try this string:
0123456789012345678901234567890123456789ls
Challenge 1: Long List
Execute the "ls -l" command by entering
a crafted name,
so it shows file details,
as shown below.
Hint
If spaces are annoying you, try
this.
|
Challenge 2: Add Your Name to the Hall of Fame
Put your name in this file:
/tmp/bufo/winners
After one minute, your name will appear
on the WINNERS page here:
http://attack3214.samsclass.info/root/bufo-winners.html
Hint
Your injected code runs in a dash shell.
To write to a file named foo, execute:
echo "HELLO" > foo
|
Source code and explanation
Sources
I based this on the "pwn1" and "pwn2"
challenges in the
2015
SCTF competition.
Posted 4-3-16 by Sam Bowne
Last modified 5-9-17