sudo apt update
sudo apt install build-essential gcc-multilib gdb -y
nano hello.c
Copy and paste in this code, as shown below:
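#include <stdio.h>

int main(void){
    char name[10];                  /* room for 9 characters plus the terminating NUL */
    printf("What is your name?\n");
    scanf("%s", name);              /* no field width: longer input is written past the end of name[] */
    printf("Hello, %s!\n", name);
}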
Save the file with Ctrl+X, Y, Enter.
Execute these commands to compile and run the program:
gcc -fno-stack-protector -o hello hello.c
./hello
Enter the name FRED and press Enter.
The program runs normally, as shown below.
Run the program again, but enter this name:
MY-NAME-IS-RUMPLESTILTSKIN
You see a "Segmentation fault" message, as shown below.
This is a "buffer overflow" error: the long name was written past the end of the 10-character array reserved for it, and overwrote important data used to control program flow.
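For comparison, here is the same greeting with a bounded read. This is an added example, not part of the original lab, and the names read_name, read_name_from_string and NAME_LEN are made up for it. The field width in "%9s" keeps the write inside the 10-byte array, and the leftover input is detected and discarded.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 10            /* same size as name[] in hello.c */

/* Read one whitespace-delimited name from `in` into buf.
 * "%9s" stores at most 9 characters plus the NUL, so the write can
 * never pass the end of the 10-byte array.
 * Returns 1 = stored whole, 0 = truncated, -1 = EOF or read error. */
int read_name(FILE *in, char buf[NAME_LEN])
{
    int c;
    if (fscanf(in, "%9s", buf) != 1)
        return -1;
    c = fgetc(in);             /* look at what follows the stored part */
    if (c == EOF || isspace(c))
        return 1;
    /* Token was longer than 9 characters: drop the rest of the line. */
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;
    return 0;
}

/* Demonstration helper: run read_name() over a constructed input string. */
int read_name_from_string(const char *input, char buf[NAME_LEN])
{
    FILE *f = tmpfile();
    int rc;
    if (f == NULL)
        return -1;
    fputs(input, f);
    rewind(f);
    rc = read_name(f, buf);
    fclose(f);
    return rc;
}

int main(void)
{
    char name[NAME_LEN];
    printf("What is your name?\n");
    int rc = read_name(stdin, name);
    if (rc < 0)
        return 1;
    printf("Hello, %s!%s\n", name, rc == 0 ? " (name truncated)" : "");
    return 0;
}
```

With this version, the RUMPLESTILTSKIN input produces a truncated greeting instead of a segmentation fault.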
gdb -q hello
run
AAAABBBBCCCCDDDDEEEE
info registers
q
y
CL 10.1: rbx Value (15 pts)
The flag is covered by a green rectangle in the image below.
Posted 1-4-25
Alpine instructions added, including -fno-stack-protector switch 1-10-25
Alpine instructions removed 1-11-25