Protostar/Heap 1

If you get stuck, you can watch the solution and explanation here:

Introducing the heap by looking at what malloc() does.

We are solving heap1 from exploit-exercises.com by exploiting a heap overflow.

This level takes a look at code flow hijacking in data overwrite cases.

This level is at /opt/protostar/bin/heap1

heap1.c

#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <sys/types.h>

  

struct internet {
  int priority;
  char *name;
};

void winner()
{
  printf("and we have a winner @ %d\n", time(NULL));
}

int main(int argc, char **argv)
{
  struct internet *i1, *i2, *i3;

  i1 = malloc(sizeof(struct internet));
  i1->priority = 1;
  i1->name = malloc(8);

  i2 = malloc(sizeof(struct internet));
  i2->priority = 2;
  i2->name = malloc(8);

  strcpy(i1->name, argv[1]);
  strcpy(i2->name, argv[2]);

  printf("and that's a wrap folks!\n");
}

See also

Part 1: reverse engineering the functionality of the cookbook binary with IDA

Part 1: reverse engineering the functionality of the cookbook binary with IDA

Part 1: reverse engineering the functionality of the cookbook binary with IDA

This is a mirror. Copyright and original can be found here: exploit-exercises.com/protostar/heap1/