Matasano posted an update, including a link to a walkthrough solution to this challenge:<br><br><a href="http://timetobleed.com/defeating-the-matasano-c-challenge-with-aslr-enabled/">http://timetobleed.com/defeating-the-matasano-c-challenge-with-aslr-enabled/</a><br>
<br><div class="gmail_quote">On Tue, Oct 13, 2009 at 11:28 AM, aestetix aestetix <span dir="ltr"><<a href="mailto:aestetix@gmail.com">aestetix@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<a href="http://chargen.matasano.com/chargen/2009/10/9/a-c-challenge.html" target="_blank">http://chargen.matasano.com/chargen/2009/10/9/a-c-challenge.html</a><br><br>From their blog post:<br><br>"C++ lends itself to much more <a href="http://em386.blogspot.com/2009/06/fun-with-erase.html" target="_blank">complex</a> <a href="http://taossa.com/index.php/2007/01/03/attacking-delete-and-delete-in-c/" target="_blank">vulnerabilities</a>
then plain old C. From templates to string classes, C++ raises the
skill level required to play the memory corruption game. And while the
quality of C/C++ code we see has increased dramatically over the years,
a lot of developers still don’t understand the more obscure C++ bug
classes.
I recently found a vulnerable C++ code pattern that I wanted to
share with our readers. But instead of just writing some boring
technical blog post, Matasano would like to present a C++ audit
challenge to our audience. It consists of a contrived vulnerability
that follows the same vulnerable code pattern. "
</blockquote></div><br>