Simple Buffer Overflow
The form below calls a C program with a simple buffer overflow
vulnerability. The "name" variable can overflow into the
Here's the source code:
Try putting in a short name, and then make the name longer until you get
For a good time, try this string:
Challenge 1: Long List
Execute the "ls -l" command by entering
a crafted name,
so it shows file details,
as shown below.
If spaces are annoying you, try
Challenge 2: Add Your Name to the Hall of Fame
Put your name in this file:
After one minute, your name will appear
on the WINNERS page here:
Your injected code runs in a dash shell.
To write to a file named foo, execute:
echo "HELLO" > foo
Source code and explanation
I based this on the "pwn1" and "pwn2"
challenges in the
Posted 4-3-16 by Sam Bowne
Last modified 5-9-17