Proj 5x: Linux Buffer Overflow With Canary (25 pts.)

What You Need

A 32-bit x86 Kali Linux 2.0 machine, real or virtual.

To connect to the server, in a Terminal window, execute this command:


nc attack32direct.samsclass.info 9010
If you'd like a local copy of the server binary to analyze, use this command.

curl https://samsclass.info/127/proj/pre2 > pre2
Exploit this process and get a shell on the server. Then put your name in this file:

/home/p5x/winners
Create this file:

/home/p5x/updatenow
After one minute, your name will appear on the WINNERS page here:

http://attack32direct.samsclass.info/winners5.html

Troubleshooting

If your exploit fails, it might be that the port is in use. You can check the local network connections at this page:

http://attack32direct.samsclass.info/netstat.htm

That page is updated every 5 seconds.

NOTES:

If you kill the server, it will restart after one minute

There are two other identical servers running on ports 9011 and 9012.

Every 15 minutes, all three servers are restarted

Saving a Screen Image

Make sure YOUR NAME (or an alias) is visible on the WINNERS page.

Capture a full-screen image.

YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!

Save the image with the filename "YOUR NAME Proj 5x", replacing "YOUR NAME" with your real name.

Turning in your Project

Email the images to cnit.127sam@gmail.com with the subject line: Proj 5x from YOUR NAME

Credits

This was part of the CSAW 2015 Competition.

Hints


Posted 9-21-15
URL changed to "direct" 1-19-17