Hacker's Sandbox

Support and conversations related to playing "The Hacker's Sandbox" as found on Flying Monkey Army.



Help on morbid (contains spoilers)


#1 Help on morbid (contains spoilers) - Fri Aug 15, 2014 7:22 am

Nakana



I think I understand the theory behind this one. Just having trouble with the actual data.

Obviously the goal is to create a buffer overflow that breaks the 'data' executable.
I see that a 10-byte string is called for and you would want to break the program by overwriting it.
The dump files tell you which hex values can be used to exploit the executable.
You can enter the hex values with the unicode program. Then run 'data' and it should break. Thus giving you root.

Am I even close? lol

I feel like I'm "getting it" just enough to look stupid. =\
Or in other words (if I'm close) then I know what to do, just not sure how to do it.

If I'm correct in theory, then my problem is reading and understanding the dump files. (Not familiar with C++) I've tried researching this and the "real world" examples lead me to believe I'm correct on the concept, but they're not very helpful with actual command input.

#2 Re: Help on morbid (contains spoilers) - Thu Oct 02, 2014 11:53 am

unix-ninja


Admin

You are pretty close. I should write an actual article on my blog for this.

To successfully perform a buffer overflow, you need to control the information that gets put on the stack. The stack will look something like this:

[BUFFER][STACK_FRAME_POINTER][RETURN_ADDRESS]

The idea here is to overflow the buffer just enough to fill your own values in the RETURN_ADDRESS portion of the stack. This will allow you to change the flow of execution in the program.

There are a few things to note here:
* How big is the buffer? (Remember, regardless of how much memory you WANT to allocate, a machine can only allocate in blocks. A 32-bit machine can allocate a minimum of 32 bits at a time. A 64-bit machine can allocate a minimum of 64 bits at a time.)
* How big is the SFP? (The machine will allocate one block of memory for this, so it depends on the architecture as well.)
* When placing values into the return address, it reads the bytes on the stack in reverse order. So if you have values 12 34 AB, you would put them in AB 34 12.

Good luck! Let me know if this helped.

https://hackersandbox.board-directory.net
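
The layout and byte-order rules from the reply above, as an added example that is not part of the original posts or the game: a C sketch of the simplified [BUFFER][STACK_FRAME_POINTER][RETURN_ADDRESS] model that reports which region an over-long write would touch, which is the figure a bounds check has to enforce. The type and function names are hypothetical, the 10-byte size is the one mentioned in the first post, and the model assumes no canary, extra padding or reordering of locals.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model from the post: [BUFFER][SFP][RETURN_ADDRESS], with the
 * buffer rounded up to whole machine words. Assumption: no canary, no extra
 * padding, no reordering of locals (real compilers may do all three). */
struct frame_layout {
    size_t requested;   /* bytes the source code asked for */
    size_t buffer_size; /* bytes reserved after rounding up */
    size_t sfp_offset;  /* start of the saved frame pointer */
    size_t ret_offset;  /* start of the return address */
};
enum reach { IN_BUFFER, IN_PADDING, HITS_SFP, HITS_RETURN_ADDRESS };

/* Hypothetical helper: lay out a frame for a given word size in bytes. */
struct frame_layout model_frame(size_t requested, size_t word)
{
    struct frame_layout f;
    f.requested = requested;
    f.buffer_size = (requested + word - 1) / word * word;
    f.sfp_offset = f.buffer_size;
    f.ret_offset = f.sfp_offset + word;
    return f;
}

/* Furthest region touched by writing n bytes from the start of the buffer. */
enum reach write_reach(const struct frame_layout *f, size_t n)
{
    if (n <= f->requested) return IN_BUFFER;
    if (n <= f->sfp_offset) return IN_PADDING;
    if (n <= f->ret_offset) return HITS_SFP;
    return HITS_RETURN_ADDRESS;
}

/* Little-endian store: least significant byte at the lowest address. */
void store_le32(uint32_t v, unsigned char out[4])
{
    for (int i = 0; i < 4; i++) out[i] = (unsigned char)(v >> (8 * i));
}

int main(void)
{
    size_t words[] = { 4, 8 }; /* 32-bit and 64-bit machines */
    for (int i = 0; i < 2; i++) {
        struct frame_layout f = model_frame(10, words[i]);
        printf("word=%zu buffer=%zu sfp@%zu ret@%zu\n", words[i], f.buffer_size, f.sfp_offset, f.ret_offset);
    }
    return 0;
}
```

Any copy into the buffer that can return something other than `IN_BUFFER` from `write_reach` needs a length check before it runs.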

#3 Re: Help on morbid (contains spoilers) - Thu Oct 09, 2014 8:52 pm

unix-ninja


Admin

For anyone interested, I made a proper write-up on buffer overflows that you can use to get help for this mission:
http://www.unix-ninja.com/p/A_Foundation_for_Buffer_Overflow_Attacks/
