HackMe3 – Buffer overflow
HackMe3:
This password crackme is meant to be solved with a buffer overflow.
Download File: HackMe3(Linux)
Download File: HackMe3(Windows)
Theory:
Every process gets its own virtual address space in memory. The structure of a virtual address space is illustrated in the figure below.
A stack buffer overflow can, for example, be a “write” into another variable. This is possible because of the way the stack is laid out. Consider the following C code:
int main(void)
{
    char Buffer[16];
    int pwValid = 0;
    return 0;
}
The stack looks like this.
With this layout, if more than 16 characters are written to the “Buffer” variable, the write runs past the end of the buffer into the adjacent stack memory, where in this case the integer “pwValid” is located. This is how a so-called buffer overflow makes it possible to change the value of another variable.
Spoiler
$ ./hackme3_linux
Copyright by NM-Projects.de
Enter password: 012345678901234567890
Wrong password
Root access granted!
Source code:
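#include <stdio.h>
#include <string.h>   /* strcmp() is declared in string.h, not strings.h */

int main(void)
{
    char pass_in[15];
    int valid = 0;
    int pw = 1;
    int i;

    printf("Copyright by NM-Projects.de\n");
    printf("Enter password: ");
    gets(pass_in);   /* intentionally unbounded read: this is the overflow */

    if (strcmp(pass_in, "secretpw")) {
        pw = 0;      /* strcmp() returns non-zero when the strings differ */
    }

    if (pw == 0) {
        printf("\nWrong password\n");
    } else {
        printf("\nRight password!\n");
        valid = 1;
    }

    /* valid sits next to pass_in on the stack, so an overlong input can
       make it non-zero even though the password was wrong */
    if (valid) {
        printf("Root access granted!\n");
    }

    getchar();
    return 0;
}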
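A hardened version of the password check, as an added example that is not part of the original challenge source: it replaces gets() with a bounded fgets() read and rejects overlong input instead of letting it spill into the neighbouring variables. The helper names read_line, authenticate and try_input are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Read one line into buf. Returns 1 if the whole line fit, 0 on EOF/error
 * or if the line was longer than the buffer (the excess is discarded). */
static int read_line(FILE *in, char *buf, size_t size)
{
    if (fgets(buf, (int)size, in) == NULL)   /* writes at most size-1 chars + NUL */
        return 0;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';                 /* complete line: strip newline */
        return 1;
    }
    int c, extra = 0;                        /* no newline seen: drain the rest */
    while ((c = fgetc(in)) != EOF && c != '\n')
        extra = 1;
    return !extra;                           /* leftover bytes mean input was too long */
}

/* Returns 1 only for the correct password; overlong input is rejected. */
int authenticate(FILE *in)
{
    char pass_in[15];                        /* same size as in the original */
    if (!read_line(in, pass_in, sizeof pass_in))
        return 0;
    return strcmp(pass_in, "secretpw") == 0;
}

/* Constructed demo helper: feeds a string to authenticate() via a temp file. */
int try_input(const char *s)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs(s, f);
    rewind(f);
    int ok = authenticate(f);
    fclose(f);
    return ok;
}

int main(void)
{
    printf("Enter password: ");
    fflush(stdout);
    puts(authenticate(stdin) ? "Root access granted!" : "Wrong password");
    return 0;
}
```

Because the result is a single return value derived only from the bounded buffer, there is no separate flag on the stack for an overlong input to overwrite.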