Hacker's Sandbox

Support and conversations related to playing "The Hacker's Sandbox" as found on Flying Monkey Army.



Help on morbid (contains spoilers)


1 Help on morbid (contains spoilers) on Fri Aug 15, 2014 7:22 am

I think I understand the theory behind this one. Just having trouble with the actual data.

Obviously the goal is to create a buffer overflow that breaks the 'data' executable.
I see that a 10 byte string is called for and you would want to break the program by overwriting it.
The dump files tell you which hex values can be used to exploit the executable.
You can enter the hex values with the unicode program. Then run 'data' and it should break. Thus giving you root.

Am I even close? lol

I feel like I'm "getting it" just enough to look stupid. =\
Or in other words (if I'm close) then I know what to do, just not sure how to do it.

If I'm correct in theory, then my problem is reading and understanding the dump files. (Not familiar with C++) I've tried researching this and the "real world" examples lead me to believe I'm correct on the concept, but they're not very helpful with actual command input.


2 Re: Help on morbid (contains spoilers) on Thu Oct 02, 2014 11:53 am

You are pretty close. I should write an actual article on my blog for this.

To successfully perform a buffer overflow, you need to control the information that gets put on the stack. The stack will look something like this:

[BUFFER][STACK_FRAME_POINTER][RETURN_ADDRESS]

The idea here is to overflow the buffer just enough to fill your own values in the RETURN_ADDRESS portion of the stack. This will allow you to change the flow of execution in the program.

There are a few things to note here:
* How big is the buffer? (Remember, regardless of how much memory you WANT to allocate, a machine can only allocate in blocks. A 32-bit machine can allocate a minimum of 32 bits at a time. A 64-bit machine can allocate a minimum of 64 bits at a time.)
* How big is the SFP? (The machine will allocate one block of memory for this, so it depends on the architecture as well)
* When placing values into the return address, it reads the bytes on the stack in reverse order. So if you have values 12 34 AB, you would put them in AB 34 12.

Good luck! Let me know if this helped.

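The layout described in the reply above, modelled as a byte array (an added example, not part of the original posts and not the game's code). It assumes a 32-bit little-endian machine and the 10-byte buffer from the first post; the saved return address, the filler bytes and all function names are constructed for illustration, and the unchecked copy is shown beside a bounded one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORD    4                                    /* assumed 32-bit machine */
#define BUF_REQ 10                                   /* 10-byte string from the first post */
#define BUF_PAD ((BUF_REQ + WORD - 1) / WORD * WORD) /* rounded up to whole blocks: 12 */
#define RET_OFF (BUF_PAD + WORD)                     /* buffer, then SFP, then return address */
#define FRAME   (RET_OFF + WORD)                     /* 20 bytes in total */
#define SAVED_RET 0x080484D6u                        /* constructed value, not from the game */

/* Read a 32-bit slot as a little-endian CPU does: lowest address holds the low byte. */
static uint32_t get_le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Model [BUFFER][STACK_FRAME_POINTER][RETURN_ADDRESS] as a byte array, copy at most
   `limit` bytes of input into it, and return what the return-address slot then holds. */
static uint32_t ret_after_copy(const uint8_t *in, size_t n, size_t limit) {
    uint8_t f[FRAME] = {0};                          /* buffer and SFP start as zeros */
    for (int i = 0; i < WORD; i++)                   /* store SAVED_RET low byte first */
        f[RET_OFF + i] = (uint8_t)(SAVED_RET >> (8 * i));
    memcpy(f, in, n < limit ? n : limit);
    return get_le32(f + RET_OFF);
}

/* Bug class: the length is never compared with the buffer (clamped to the model only). */
uint32_t ret_after_unchecked_copy(const uint8_t *in, size_t n) { return ret_after_copy(in, n, FRAME); }

/* Hardened form: the copy stops at the size the buffer was declared with. */
uint32_t ret_after_bounded_copy(const uint8_t *in, size_t n) { return ret_after_copy(in, n, BUF_REQ); }

/* Constructed input: 16 filler bytes, then 12 34 AB 00 in memory order. */
const uint8_t *sample_input(void) {
    static uint8_t in[FRAME];
    memset(in, 'A', RET_OFF);
    in[RET_OFF] = 0x12; in[RET_OFF + 1] = 0x34; in[RET_OFF + 2] = 0xAB; in[RET_OFF + 3] = 0x00;
    return in;
}

int main(void) {
    const uint8_t *in = sample_input();
    printf("12 bytes, unchecked: %08X\n", (unsigned)ret_after_unchecked_copy(in, BUF_PAD));
    printf("20 bytes, unchecked: %08X\n", (unsigned)ret_after_unchecked_copy(in, FRAME));
    printf("20 bytes, bounded:   %08X\n", (unsigned)ret_after_bounded_copy(in, FRAME));
    return 0;
}
```

The bytes 12 34 AB 00 written in memory order are read back as 00AB3412, which is the reversal the reply describes; with the bounded copy the slot keeps its saved value.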

3 Re: Help on morbid (contains spoilers) on Thu Oct 09, 2014 8:52 pm

For anyone interested, I made a proper write-up on buffer overflows that you can use to get help for this mission:
http://www.unix-ninja.com/p/A_Foundation_for_Buffer_Overflow_Attacks/


