Protostar - stack3

This is my fourth post on the Protostar series hosted by Exploit Exercises

We start off with understanding what is being asked of us:


Stack3 looks at environment variables, and how they can be set, and overwriting function pointers stored on the stack (as a prelude to overwriting the saved EIP)
  • both gdb and objdump is your friend you determining where the win() function lies in memory.
This level is at /opt/protostar/bin/stack3

Source code

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

void win()
  printf("code flow successfully changed\n");

int main(int argc, char **argv)
  volatile int (*fp)();
  char buffer[64];

  fp = 0;


  if(fp) {
      printf("calling function pointer, jumping to 0x%08x\n", fp);