
stack buffer overflow

Name: Anonymous 2012-07-26 13:33

I come to you for help with this assignment I have: smashing the stack. Implement a buffer overflow attack on the program, isThisGood.c, by exploiting the input; see gets(). If the exploit is successful, it should invoke the function oopsIGotToTheBadFunction!

a. What is the address of the function oopsIGotToTheBadFunction()?
How did you determine this?

b. What is the address on the stack that your input must overwrite
(address and content please)? How did you locate this address?

c. What is the address of buf?

d. What is the minimum length of your input, i.e. the length you need to alter
the return address stored on the stack?

e. What is your input? Show it in hexadecimal characters, since some of the
input is not likely to be printable.

#include <stdio.h>
#include <stdlib.h>

/* Never called by main(); the assignment is to reach it anyway. */
int oopsIGotToTheBadFunction(void)
{
    printf("Gotcha!\n");
    exit(0);
}

/* Deliberately vulnerable: gets() has no length limit, so a line longer
   than 11 bytes (plus the terminator) runs past buf into the rest of the
   stack frame, including the saved return address. */
int goodFunctionUserInput(void)
{
    char buf[12];
    gets(buf);
    return(1);
}

int main(void)
{
    goodFunctionUserInput();
    printf("Overflow failed\n");
    return(1);
}
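Added example, not from the original post or the assignment: the same 12-byte buffer read with a bounded reader in place of gets(), so a line longer than 11 bytes is cut off and reported instead of overwriting the saved frame. The tmpfile helper and the 30-byte sample line are constructed for the demo.

```c
/* Bounded line reader replacing gets(buf) in isThisGood.c: fgets() stops at
   size-1 bytes, so an over-long line cannot reach the saved return address,
   and the rest of that line is drained so it is not read as the next one. */
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 12   /* same buffer size as the assignment program */
enum read_status { READ_EOF = -1, READ_OK = 0, READ_TRUNCATED = 1 };

/* Reads one line into buf (at most size-1 bytes plus the terminator). Returns
   READ_TRUNCATED if the line did not fit, READ_EOF if nothing was left to read. */
int read_line_bounded(char *buf, size_t size, FILE *in)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL) {
        if (size > 0) buf[0] = '\0';
        return READ_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* whole line fit: strip the newline */
        return READ_OK;
    }
    /* No newline in buf: the line was longer than the buffer, or the input
       ended without one. Drain to end of line either way. */
    int c, truncated = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;     /* these bytes are what gets() would write past buf */
    return truncated ? READ_TRUNCATED : READ_OK;
}

/* Helper: a FILE* holding s, so the reader can run offline without stdin. */
FILE *input_from_string(const char *s)
{
    FILE *f = tmpfile();
    if (f) { fputs(s, f); rewind(f); }
    return f;
}

int main(void)
{
    char buf[BUF_SIZE];
    /* Constructed input: 30 'A's (well past buf), then a line that fits. */
    FILE *in = input_from_string("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nshort\n");
    if (in == NULL) return 1;
    int st = read_line_bounded(buf, sizeof buf, in);
    printf("status=%d buf=\"%s\"\n", st, buf);  /* status=1 buf="AAAAAAAAAAA" */
    st = read_line_bounded(buf, sizeof buf, in);
    printf("status=%d buf=\"%s\"\n", st, buf);  /* status=0 buf="short" */
    fclose(in);
    return 0;
}
```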

Name: Anonymous 2012-07-27 14:47

>>34
The point was that the return address is before the arguments in the stack frame. i.e., you only had to worry about overflowing gets() and putting the right address after that. argv didn't matter at all (I don't know why your classmate added that...the point was to exploit the program as-is). The only thing you had missing was getting the correct arithmetic for the number of bytes needed for overflow (which you can pick up from the assembly). That's why I told you to look at a stack frame.

The correct exploit was to pass any number of characters as the command line argument (so long as it didn't segfault), and to enter some number of characters followed by the correct address to stdin. That's it.

>>35 is not me, nor is >>37
