Exploit Education Phoenix x86 Stack Four

Introduction

Stack Four is the continuation of the stack-based buffer overflow challenges.

Recon

Use rabin2 to get information about the binary.

    $ rabin2 -I /opt/phoenix/i486/stack-four
    arch     x86
    baddr    0x8048000
    binsz    3608
    bintype  elf
    bits     32
    canary   false
    class    ELF32
    compiler GCC: (GNU) 7.3.0
    crypto   false
    endian   little
    havecode true
    intrp    /opt/phoenix/i486-linux-musl/lib/ld-musl-i386.so.1
    laddr    0x0
    lang     c
    linenum  true
    lsyms    true
    machine  Intel 80386
    maxopsz  16
    minopsz  1
    nx       false
    os       linux
    pcalign  0
    pic      false
    relocs   true
    relro    no
    rpath    /opt/phoenix/i486-linux-musl/lib
    sanitiz  false
    static   false
    stripped false
    subsys   linux
    va       true

Same info as the previous levels. ...

October 13, 2019 · 6 min · 1199 words

Exploit Education Phoenix x86 Stack Three

Introduction

Stack Three is the continuation of the stack-based buffer overflow challenges.

Recon

To get information about the binary, rabin2 is really useful.

    $ rabin2 -I /opt/phoenix/i486/stack-three
    arch     x86
    baddr    0x8048000
    binsz    3812
    bintype  elf
    bits     32
    canary   false
    class    ELF32
    compiler GCC: (GNU) 7.3.0
    crypto   false
    endian   little
    havecode true
    intrp    /opt/phoenix/i486-linux-musl/lib/ld-musl-i386.so.1
    laddr    0x0
    lang     c
    linenum  true
    lsyms    true
    machine  Intel 80386
    maxopsz  16
    minopsz  1
    nx       false
    os       linux
    pcalign  0
    pic      false
    relocs   true
    relro    no
    rpath    /opt/phoenix/i486-linux-musl/lib
    sanitiz  false
    static   false
    stripped false
    subsys   linux
    va       true

Once more, this is a 32-bit Linux ELF with no protection against stack overflows. ...

October 12, 2019 · 8 min · 1536 words

Exploit Education Phoenix x86 Stack Two

Introduction

Stack Two is the continuation of the stack-based buffer overflow challenges.

Recon

Once more, rabin2 is used to get some information about the binary.

    $ rabin2 -I /opt/phoenix/i486/stack-two
    arch     x86
    baddr    0x8048000
    binsz    3750
    bintype  elf
    bits     32
    canary   false
    class    ELF32
    compiler GCC: (GNU) 7.3.0
    crypto   false
    endian   little
    havecode true
    intrp    /opt/phoenix/i486-linux-musl/lib/ld-musl-i386.so.1
    laddr    0x0
    lang     c
    linenum  true
    lsyms    true
    machine  Intel 80386
    maxopsz  16
    minopsz  1
    nx       false
    os       linux
    pcalign  0
    pic      false
    relocs   true
    relro    no
    rpath    /opt/phoenix/i486-linux-musl/lib
    sanitiz  false
    static   false
    stripped false
    subsys   linux
    va       true

Of the important info above, everything is the same as the previous levels. The binary is a 32-bit Linux ELF with no protection against stack overflow. ...

October 12, 2019 · 8 min · 1672 words

Exploit Education Phoenix x86 Stack One

Introduction

Stack One is very similar to Exploit Education Phoenix x86 Stack Zero with a few minor exceptions, which will be introduced shortly.

Recon

The use of rabin2 is essential to understand a little bit about the binary.

    $ rabin2 -I /opt/phoenix/i486/stack-one
    arch     x86
    baddr    0x8048000
    binsz    3651
    bintype  elf
    bits     32
    canary   false
    class    ELF32
    compiler GCC: (GNU) 7.3.0
    crypto   false
    endian   little
    havecode true
    intrp    /opt/phoenix/i486-linux-musl/lib/ld-musl-i386.so.1
    laddr    0x0
    lang     c
    linenum  true
    lsyms    true
    machine  Intel 80386
    maxopsz  16
    minopsz  1
    nx       false
    os       linux
    pcalign  0
    pic      false
    relocs   true
    relro    no
    rpath    /opt/phoenix/i486-linux-musl/lib
    sanitiz  false
    static   false
    stripped false
    subsys   linux
    va       true

So as to avoid repetition, the information about the binary is almost identical to that of the previous level. To sum up, this is a 32-bit Linux ELF with no protection against stack-based buffer overflows, among others. ...

October 10, 2019 · 9 min · 1762 words

Exploit Education Phoenix x86 Stack Zero

Introduction

Phoenix is a virtual machine that can be obtained from exploit.education. It provides an educational environment in which one can practice their skills. For additional details, visit the website. For those reluctant to download an unknown virtual machine, Debian packages are also provided. Stack Zero, which is the first level, introduces the legendary stack-based buffer overflow.

Recon

In order to get a glimpse of what the binary is all about, rabin2 comes to the rescue: ...

October 9, 2019 · 10 min · 1941 words