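#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

// Defined in a separate source file for simplicity.
void init_visualize(char* buff);
void visualize(char* buff);
void safeguard();
void print_flag();

/*
 * Training exercise: reads one line into a 32-byte stack buffer with gets()
 * and then reports whether the neighbouring locals were modified.
 *
 * The overflow is the point of the exercise, so the call is kept as written.
 * Why it is unsafe: gets() takes no length, so any line longer than 31
 * characters writes past the end of buff. The function was removed from the
 * language in C11; code that is not a deliberate exercise should use
 * fgets(buff, sizeof(buff), stdin) and handle the retained newline.
 *
 * NOTE(review): which locals sit next to buff is decided by the compiler, not
 * by declaration order, and the checks below only observe an overwrite if
 * notsecret and secret are really kept in stack memory. An optimised or
 * stack-protector build may reorder or constant-fold them; confirm against
 * the build flags used for the challenge binary.
 */
void vuln() {
  char padding[16];
  char buff[32];
  int notsecret = 0xffffff00;
  int secret = 0xdeadbeef;

  memset(buff, 0, sizeof(buff));          // Zero-out the buffer.
  memset(padding, 0xFF, sizeof(padding)); // Fill the padding with 0xFF bytes.

  // Initializes the stack visualization. Don't worry about it!
  init_visualize(buff);

  // Prints out the stack before modification
  visualize(buff);

  printf("Input some text: ");
  gets(buff); // This is a vulnerable call! No bound on the number of bytes written.

  // Prints out the stack after modification
  visualize(buff);

  // Check if secret has changed.
  if (secret == 0x67616c66) {
    // secret holds exactly the value the exercise asks for.
    puts("You did it! Congratuations!");
    print_flag(); // Print out the flag. You deserve it.
    return;
  } else if (notsecret != 0xffffff00) {
    // The write also reached notsecret, i.e. it went further than intended.
    puts("Uhmm... maybe you overflowed too much. Try deleting a few characters.");
  } else if (secret != 0xdeadbeef) {
    // secret was changed, but not to the expected value.
    puts("Wow you overflowed the secret value! Now try controlling the value of it!");
  } else {
    // Neither variable changed.
    puts("Maybe you haven't overflowed enough characters? Try again?");
  }

  // Every branch except the success path ends the process here.
  exit(0);
}

/*
 * Entry point: turns off stdio buffering on stdout and stdin, runs the
 * externally defined safeguard(), then the exercise itself.
 */
int main(void) {
  setbuf(stdout, NULL);
  setbuf(stdin, NULL);
  safeguard();
  vuln();
}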
The program sets a buffer of 32 bytes and then padding of 16 bytes.
It then creates two variables, notsecret and secret, and sets their values to 0xffffff00 and 0xdeadbeef respectively.
The program then has a chain of four conditional branches:
Executes if the value of secret has been set to 0x67616c66 and prints out the flag.
Executes if the value of notsecret has been altered.
Executes if the value of secret has been altered but not set to 0x67616c66.