Welcome to SmashTheStack Forum!
Smash The Stack
wargames
You are not logged in.
Announcement
#1 2010-02-17 14:20:21
- jacquex
- Newbie
- Registered: 2010-02-17
- Posts: 3
Level 10
Is there other way except for hijacking ebp to solve level 10? I can't seem to hijack ebp successfully. It requires more than the last byte to hijack successfully.
Offline
#2 2010-02-17 16:19:05
- Agrajag
- User
- Registered: 2008-02-25
- Posts: 12
Re: Level 10
There is another way, but ebp is easier. And you are a little off. After esp is transferred a word is popped, so adding is wrong. Do the math.
Blowfish 1-13 (all)
iO 1-12
Tux 1
Offline
#3 2010-02-17 22:04:40
- jacquex
- Newbie
- Registered: 2010-02-17
- Posts: 3
Re: Level 10
I guess what I meant by needing more than the last byte is that the ebp of function f is at dbe8 while the ebp of main is at dc18. Therefore by hijacking the last byte doesn't give me the successful attack. Maybe I'm too dumb to figure this out. Could you point me to the right direction, Agrajag?
Thanks
Offline
#4 2010-02-18 22:56:37
- Agrajag
- User
- Registered: 2008-02-25
- Posts: 12
Re: Level 10
You can overwrite more than the last byte. Read the code carefully.
Blowfish 1-13 (all)
iO 1-12
Tux 1
Offline
#5 2010-02-19 11:28:05
- jacquex
- Newbie
- Registered: 2010-02-17
- Posts: 3
Re: Level 10
Thanks so much for the help, Agrajag. I've finally figured it out 
Offline
#6 2010-02-19 13:09:31
- Agrajag
- User
- Registered: 2008-02-25
- Posts: 12
Re: Level 10
No problem. You might get responses faster over irc, the forum is not checked very frequently.
Blowfish 1-13 (all)
iO 1-12
Tux 1
Offline