
Protostar Final0-3 write-ups

Final0

The application expects a username and then echoes it back in upper case:

$ nc localhost 2995
alvaro
No such user ALVARO

The buffer is 512 bytes long, but we still need to look for the EIP overwrite offset, since the compiler can change the effective buffer size to align it, or for other nasty reasons. We start by trying to segfault the program, growing the input until we get it with:

echo `python -c 'print "A"*532 + "DDDD"'` | nc localhost 2995

We can verify it with gdb and the core dump:
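As an added defender-side example (not the Protostar source and not the write-up's own code), this shows the bounded form of the read that the exercise gets wrong: the same 512-byte stack buffer and upper-casing as described above, but filled with fgets() instead of an unbounded read, so an over-long line is rejected rather than running into the saved return address. The function names, the `username_becomes` check helper and the 532 'A' + "DDDD" probe input are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define USERNAME_BUF 512          /* same buffer size the write-up mentions */

/* Copy `line` into dst, strip a trailing CR/LF and upper-case it as the service
 * does. Returns the final length, or -1 (nothing written) if it does not fit. */
int normalise_username(const char *line, char *dst, size_t dstlen)
{
    size_t n = strlen(line);
    if (dstlen == 0 || n >= dstlen) return -1;
    memcpy(dst, line, n);
    dst[n] = '\0';
    while (n > 0 && (dst[n - 1] == '\n' || dst[n - 1] == '\r')) dst[--n] = '\0';
    for (size_t i = 0; i < n; i++) dst[i] = (char)toupper((unsigned char)dst[i]);
    return (int)n;
}

/* Bounded read into the fixed stack buffer: fgets() never writes past sizeof
 * buffer. A line that did not fit (no '\n' before it filled) is drained and rejected. */
int read_username(FILE *in, char *out, size_t outlen)
{
    char buffer[USERNAME_BUF];
    if (fgets(buffer, sizeof buffer, in) == NULL) return -1;
    if (strchr(buffer, '\n') == NULL && !feof(in)) {
        for (int c; (c = fgetc(in)) != EOF && c != '\n'; ) { }   /* drain the rest */
        return -1;
    }
    return normalise_username(buffer, out, outlen);
}

/* Check helper: 1 if `line` normalises to exactly `expected`. */
int username_becomes(const char *line, const char *expected)
{
    char out[USERNAME_BUF];
    return normalise_username(line, out, sizeof out) >= 0 && strcmp(out, expected) == 0;
}

/* Constructed probe matching the write-up's 532 'A's + "DDDD": 1 if rejected. */
int oversized_probe_rejected(void)
{
    char line[532 + 4 + 1], out[USERNAME_BUF];
    memset(line, 'A', 532);
    memcpy(line + 532, "DDDD", 5);           /* includes the terminator */
    FILE *f = fmemopen(line, strlen(line), "r");
    int rc = f ? read_username(f, out, sizeof out) : 0;
    if (f) fclose(f);
    return rc == -1;
}
```

With this shape the 532-byte probe is simply refused; the offset hunt described in the write-up only works because the original read has no such bound.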