Protostar – Introduction

As mention in the previous post, it’s a bit complicate to gather the team for CTFs, therefore, I decided to look at offline security challenges. So in the following articles, I would like to start a list of write-ups for the exercises from Protostar.

You will need some basics in assembly language as well as some understanding of the stack structure.

Table of content

Description

Protostar introduces basic memory corruption issues such as buffer overflows, format strings and heap exploitation under “old-style” Linux system that does not have any form of modern exploit mitigation systems enabled.

Getting started

Download the ISO, then boot a new VM from the ISO. On the boot page, select “live”.

I would recommend to configure the network as “Host only”. Once booted, type the username “root” and the password “godmode”. Once logged in, type ifconfig  in order to find your IP address.

In your terminal, connect to ssh on the VM: ssh user@<ip-of-the-vm> , add the key in the list of your known hosts then type the password “user”. Once connected, you should have this beautiful banner:

Once connected, I would recommend to switch to bash. For this, simply type bash.

Note: You might have a  Host key verification failed.  in your terminal. This is because a new ssh key is generated at each boot. Therefore, you just need to edit the file ~/.ssh/known_hosts  and delete the line with the IP of the VM.