
buffer overflow vulnerabilities

Name: Anonymous 2009-02-18 20:46

#include <stdio.h>

/* gets() has no length argument: it writes until it sees a newline, so
   anything longer than the caller's buffer runs past the end of it. */
void f ( char * s ) {
    gets ( s );
}

int main () {
    char input [100];   /* 100-byte stack buffer handed to gets() */
    f ( input );
    return 0;
}

The input here isn't checked. If you enter more than 100 characters as input to this program, you can overwrite certain offsets of the stack. I'm told that you can overwrite it in such a way that the return address of gets() is overwritten to point to the beginning of input[], and you can craft the first 100 chars of input to be machine code, so then once gets() returns it executes your machine code.

The concept is pretty simple to understand, but I'm having some trouble grasping how exactly I would do that. Could a more knowledgeable person than myself help me understand how to do that?

For example, how would I craft the input to this program so that it prints "123"? Do I have to be familiar with x86 asm to be able to do this? (100 chars might not be enough, I don't know).

Thanks in advance for any help.
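
A bounds-checked replacement for the f()/gets() pattern in the post above, added here as an example; it is not code from the original posts. It uses only standard C (fgets, tmpfile), and the sample line inside check_constructed_input() is constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Bounded replacement for gets(): reads at most cap-1 bytes into dst,
 * strips the trailing newline, and discards the rest of an over-long line
 * so the next call starts on a fresh line. Returns 1 if the line was
 * truncated, 0 if it fit entirely, -1 on EOF with nothing read. */
int read_line_bounded(char *dst, size_t cap, FILE *in) {
    if (cap == 0) return -1;
    if (fgets(dst, (int)cap, in) == NULL) { dst[0] = '\0'; return -1; }
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
        return 0;
    }
    if (feof(in)) return 0;        /* final line without newline: it fit */
    /* Line was longer than the buffer: drain it instead of overflowing. */
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n') { }
    return 1;
}

/* Feeds a constructed two-line input (first line longer than the buffer)
 * through the reader and returns 1 if every case behaves as expected. */
int check_constructed_input(void) {
    const char *src = "0123456789ABCDEF\nshort\n";   /* constructed sample */
    char buf[8];                                      /* deliberately small */
    FILE *in = tmpfile();
    if (!in) return 0;
    fputs(src, in);
    rewind(in);
    int ok = read_line_bounded(buf, sizeof buf, in) == 1 && strcmp(buf, "0123456") == 0;
    ok = ok && read_line_bounded(buf, sizeof buf, in) == 0 && strcmp(buf, "short") == 0;
    ok = ok && read_line_bounded(buf, sizeof buf, in) == -1;
    fclose(in);
    return ok;
}

/* Same shape as the thread's main(), but the 100-byte buffer can no longer
 * be overrun regardless of what is typed. */
int main(void) {
    char input[100];
    int r = read_line_bounded(input, sizeof input, stdin);
    if (r < 0) return 1;
    printf("%s%s\n", input, r ? " (truncated)" : "");
    return 0;
}
```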

Name: Anonymous 2009-02-18 21:35

make a simple program like
#include <stdio.h>

int main(void) {
   printf("123");
   return 0;
}

compile with gcc -S, make that into a machine code string (padded with NOPs) and smash away.
