Smash The Stack

General technological topics without their own forum go here

Smash The Stack

Post by 0phidian on Wed Nov 14, 2012 9:51 pm
([msg=70877]see Smash The Stack[/msg])

Have you guys heard of, or played around with Smashthestack before? It's a pretty fun wargame to play around with. You ssh into one of their boxes and try to "level up" by escalating your privleges with a buffer overflow. I'll admit buffer overflows aren't my speacialty but it's still fun to play around and learn.

Edit: :shock: Of course as soon as I post the site wont respond, I promise thats the correct link though.
User avatar
0phidian
Poster
Poster
 
Posts: 270
Joined: Sat Jun 16, 2012 7:04 pm
Blog: View Blog (0)


Re: Smash The Stack

Post by not_essence2 on Wed Nov 14, 2012 9:55 pm
([msg=70879]see Re: Smash The Stack[/msg])

I've went to the site before, but I don't have the time (school, homework and parents), and I haven't reviewed buffer overflow for a long time now. However, it seems fun. Just like RootTheBox.
not_essence2
Poster
Poster
 
Posts: 189
Joined: Fri Sep 14, 2012 6:09 pm
Blog: View Blog (0)


Re: Smash The Stack

Post by centip3de on Thu Nov 15, 2012 1:58 pm
([msg=70898]see Re: Smash The Stack[/msg])

0phidian wrote:Have you guys heard of, or played around with Smashthestack before? It's a pretty fun wargame to play around with. You ssh into one of their boxes and try to "level up" by escalating your privleges with a buffer overflow. I'll admit buffer overflows aren't my speacialty but it's still fun to play around and learn.

Edit: :shock: Of course as soon as I post the site wont respond, I promise thats the correct link though.


I've done quite a few of the ones in IO, I'm pretty sure all the way up to level 10? 15? Something like that. It's a fun thing to do on the side, although several of the one's were pretty unlikely to happen in a real-life scenario (something similar to HTS's missions), but it's still a hell of a way to spend an afternoon.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1443
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)


Re: Smash The Stack

Post by Amazingred on Thu Nov 15, 2012 5:00 pm
([msg=70912]see Re: Smash The Stack[/msg])

Sweet. Thats actually one i didn't know about. I'll check it out later on when i'm bored.
There are 10 types of people in the world. Those who understand binary and those who don't.
User avatar
Amazingred
Experienced User
Experienced User
 
Posts: 73
Joined: Wed Jul 25, 2012 7:10 pm
Location: Wayyyyyy out there
Blog: View Blog (0)


Re: Smash The Stack

Post by LoGiCaL__ on Thu Nov 15, 2012 9:30 pm
([msg=70925]see Re: Smash The Stack[/msg])

What's the deal with this? Did it work? I want to check it out sounds interesting.

Here's something that might interest you although it is over at the moment but has a blog. They had two contests so far. Had a good turn out both times.

https://stripe-ctf.com/

You can click on sign in and create a new account to check out the last contests challenges.
User avatar
LoGiCaL__
Addict
Addict
 
Posts: 1063
Joined: Sun May 30, 2010 12:33 pm
Blog: View Blog (0)


Re: Smash The Stack

Post by centip3de on Fri Nov 16, 2012 1:07 am
([msg=70936]see Re: Smash The Stack[/msg])

LoGiCaL__ wrote:What's the deal with this? Did it work? I want to check it out sounds interesting.

Here's something that might interest you although it is over at the moment but has a blog. They had two contests so far. Had a good turn out both times.

https://stripe-ctf.com/

You can click on sign in and create a new account to check out the last contests challenges.


Essentially, you SSH into a box, and then gain admin access, allowing you to read a text file, giving you the password to advance to the next level. All of these challenges involve manipulating programs, and you occasionally get the source code to said programs. Sometimes the exploits are buffer overflow exploits (I think there are 3 in the IO challenges (They get pretty creative at the end... I think on one of them, I had to write a C program, reference it in a path variable, find the address of that variable, write a script in Python to NOP sled to the end of the buffer, and then input the address to my path variable, gaining admin access. Crazy shit.), some of them involve debugging and patching, and some of them are more creative exploits (Some programs rely on path local/environmental/path variables, which you can exploit), and some of them are... Well, they're hard to describe without giving away the answer.

Anyways, they're fun as hell, and I'd recommend them to just about anyone.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1443
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)



Return to General

Who is online

Users browsing this forum: No registered users and 0 guests