This challenge is very similar to Stack0. It will require overflowing a buffer to modify a value in memory. However, this time to complete this challenge, we must modify the value to a specific one. To begin we will take a look at the challenge:

stack1src

As you can see on line 18, the "modified" variable is compared to the hex value 0x61626364. This tells us we need to overflow the value of the "modified" variable with 0x61626364. As this challenge is very similar to Stack0 we can use a similar payload.

pay

Notice the bytes are in reverse order, we need to do this because of little-endian byte order utilized in the x86 CPU architecture. All this means is that our four specific hex values will be read least significant byte first. Read more about endianness here.

Lets disassemble to take a more detailed look!

ins1

Here we can see the instructions starting at the strcpy call. Once this strcpy call has executed, the payload generated earlier is copied to the "buffer" variable, which can overflow into the "modified" variable's buffer, allowing us to modify the value! The next instruction is a mov instruction which will point our EAX register to the address of the "modified" variable which we have overflown with our buffer. The third instruction down will compare our EAX register's value with 0x61626364. And because our EAX value has been overflown with 0x61626364 the fourth instruction you see will not jump.

Value of "modified" variable at instruction 0x080484a7

over

Now lets see it in action!

exec

The "modified" variable has been overwritten with the correct value! Hopefully you gained some knowledge from this post, happy hacking!