As we can see, there’s the buffer, the modified variable, and a variable that is loaded from the environment variable GREENIE and copied into the buffer. In addition, we have a different if statement to satisfy: if(modified == 0x0d0a0d0a).
But let’s remember the previous challenges and keep in mind that 66 bytes will overwrite 2 bytes of the modified variable. We can now simply export the GREENIE environment variable and assign 66 A letters to it.
What will happen?
As you can see, that’s the same kind of vulnerability as in the previous challenges. Now we can finish it with the last commands.
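The overwrite described above, next to a length-checked copy, as an added example that is not the challenge's source code. The 64-byte buffer size is an assumption inferred from "66 bytes will overwrite 2 bytes", and `struct frame`, `copy_unchecked`, `copy_checked` and `fill` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Model of the layout the post describes. The 64-byte size is an assumption;
   a struct pins buffer and modified next to each other so the copy below
   stays inside one object. */
struct frame {
    char buffer[64];
    int  modified;
};

/* Unbounded copy, as strcpy() behaves: the length comes from the source only.
   Capped at sizeof(struct frame) so this model never writes outside it. */
int copy_unchecked(const char *src)
{
    struct frame f;
    size_t n = strlen(src) + 1;          /* include the terminating NUL */
    memset(&f, 0, sizeof f);
    if (n > sizeof f) n = sizeof f;
    memcpy(&f, src, n);                  /* bytes past buffer[] land in modified */
    return f.modified;
}

/* Hardened copy: reject input that does not fit. Returns -1 on rejection. */
int copy_checked(const char *src, int *modified_out)
{
    struct frame f;
    size_t len = strlen(src);
    memset(&f, 0, sizeof f);
    if (len >= sizeof f.buffer)
        return -1;
    memcpy(f.buffer, src, len + 1);
    *modified_out = f.modified;
    return 0;
}

/* Constructed input: n 'A' characters standing in for the GREENIE value. */
static const char *fill(char *out, size_t n)
{
    memset(out, 'A', n);
    out[n] = '\0';
    return out;
}

int main(void)
{
    char in[80];
    int m = 0;
    /* 64 bytes spill only the NUL terminator, so modified still reads 0. */
    printf("64 unchecked: 0x%08x\n", (unsigned)copy_unchecked(fill(in, 64)));
    printf("66 unchecked: 0x%08x\n", (unsigned)copy_unchecked(fill(in, 66)));
    printf("66 checked:   rc=%d\n", copy_checked(fill(in, 66), &m));
    return 0;
}
```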
If you have any suggestions regarding this post or just want to chat, check out these ways to reach out to me.