Stack 2

About

Source Code

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
  volatile int modified;
  char buffer[64];
  char *variable;

  variable = getenv("GREENIE");

  if(variable == NULL) {
      errx(1, "please set the GREENIE environment variable\n");
  }

  modified = 0;

  strcpy(buffer, variable);

  if(modified == 0x0d0a0d0a) {
      printf("you have correctly modified the variable\n");
  } else {
      printf("Try again, you got 0x%08x\n", modified);
  }

}

This program will use the getenv function to check if there is an environment variable set to GREENIE and then assign it to variable.

Looking at the getenv man page we see that it searches in the environment list to find the environment variable GREENIE and returns a pointer to the value string.

So I'm guessing that the environment value must be equal to 0x0d0a0d0a to change modified. We already know how to cause an overflow and set the last 4 bytes as the value we want to set modified to, so we just need to do it using environment variables now. Maybe we can solve this challenge with a python script.

We run it...

And it works! Stack2 solved.