PwnCollege BabyMem

Really enjoyed Challenge 5 on integer overflow and Challenge 15 on brute forcing stack canaries!

Challenge 5 was quite realistic as I happened to read a write-up that seems to have the same logic flaw. This was the write-up I was looking at that I find particularly relevant:

Calculations were done twice using variables of different sizes (e.g. short vs. integer vs. double), which led to an overflow.

Summary of my learning points:

  1. Don't assume. (The mistake I made was that I tested the max value of a signed 32-bit int, 2147483647, and then went on to test negative values, but never tested 2147483647+1, etc.)
  2. In gdb, a read with a very large buffer will fail!
  3. Pay attention to the use of registers. One operation using eax and another using rax = fishy.
  4. Forking a child process allows brute forcing of stack canaries, since each child inherits the parent's canary value and a wrong guess only crashes that child.
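To make the flaw from the write-up and points 1 and 3 concrete, here is a constructed example (my own illustration, not the challenge binary's code): the limit check is a signed compare on the 32-bit view of the length, while the byte count actually used is the same bits zero-extended to 64 bits, so the two "calculations" disagree exactly at 2147483647+1. The names, BUF_SIZE and the helper functions are assumptions for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE 256   /* assumed buffer size for the illustration */

/* Vulnerable pattern (constructed): the length arrives as 32 bits, the
 * limit check is a SIGNED compare on that 32-bit value (the eax
 * instruction in the disassembly), but the count handed to the copy is
 * the same bits zero-extended to 64 bits (the rax value).
 * Returns the byte count the copy would use, or 0 when rejected.
 * The cast of a value above INT_MAX wraps on gcc/clang. */
size_t copy_len_mixed(uint32_t raw_len)
{
    int checked = (int)raw_len;   /* 0x80000000 becomes -2147483648 */
    if (checked > BUF_SIZE)       /* upper bound only, signed compare */
        return 0;
    return (size_t)raw_len;       /* 0x80000000 -> 2147483648 bytes */
}

/* Hardened form: one unsigned width for the whole path, so the value
 * that is checked is the value that is used, with both bounds checked. */
size_t copy_len_fixed(uint32_t raw_len)
{
    size_t len = raw_len;
    if (len == 0 || len > BUF_SIZE)
        return 0;
    return len;
}

/* Would a copy of this many bytes run past the buffer? */
bool overflows(size_t len)
{
    return len > BUF_SIZE;
}

int main(void)
{
    uint32_t probes[] = { 100u, 2147483647u, 2147483648u, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        size_t m = copy_len_mixed(probes[i]);
        size_t f = copy_len_fixed(probes[i]);
        printf("input %10u: mixed -> %10zu (%s)  fixed -> %zu\n",
               probes[i], m, overflows(m) ? "OVERFLOW" : "ok", f);
    }
    return 0;
}
```

Testing only the max value and a negative value misses the row where the signed check passes but the zero-extended count is 2 GiB; that is the gap point 1 describes.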

And here are my solutions:
