Hack This Site Extended Basic 1
After completing the JavaScript section I contemplated whether to continue on with this website or find a new one. I ended up settling on some extended basic missions which display concepts I haven’t dealt with yet.
Problem
We are given a couple lines of C code that copies a string into another variable. How do we crash such a simple function? I’d highly suggest reading about string copy function to understand what it does and it’s limitations.
Solution
If you followed the article above about string copy then you would of found a section mentioning the destination string must be large enough to handle the copied string.
Now looking back at the code the variable lol only has a limit of 200 characters it can store. Since the variable isn’t allocating memory to the size of the string or has any limits on length, we can just dump 200+ characters into the text box to break this.
All you have to do is copy and paste a bunch of letter until you hit greater than 200 and the mission will complete.
Why this relates to security you might ask? Stack Buffer Overflow attacks have been used to crash systems, gain access to root on systems running code and segmentation faults. Several websites used C code for handling user input without any checks and balances. Anytime you overflow a function in C you can traverse the memory like you own the place.
Thanks for the read.
