Stack 2
About

Source Code
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv)
{
volatile int modified;
char buffer[64];
char *variable;
variable = getenv("GREENIE");
if(variable == NULL) {
errx(1, "please set the GREENIE environment variable\n");
}
modified = 0;
strcpy(buffer, variable);
if(modified == 0x0d0a0d0a) {
printf("you have correctly modified the variable\n");
} else {
printf("Try again, you got 0x%08x\n", modified);
}
}
This program will use the getenv
function to check if there is an environment variable set to GREENIE
and then assign it to variable
.
Looking at the getenv
man page we see that it searches in the environment list to find the environment variable GREENIE
and returns a pointer to the value string.

So I'm guessing that the environment value must be equal to 0x0d0a0d0a
to change modified
. We already know how to cause an overflow and set the last 4 bytes as the value we want to set modified
to, so we just need to do it using environment variables now. Maybe we can solve this challenge with a python script.

We run it...

And it works! Stack2 solved.
Last updated
Was this helpful?