Vuln Dev
Re: Re: understanding buffer overflows Nov 02 2007 08:35AM
secacc7 hotmail com
thx.. this was a great example. yesterday i posted a replay with a different email address so i think, it was not acceptet.

i edited your exampleas followed(maybe it was a bit different, im now at work..)

vuln.cpp:

#include <stdio.h>

#include <string.h>

int foo(char *a)

{

char buffer[10];

strcpy((char *)buffer,a);

return 0;

}

int main(int argc, char * argv[])

{

foo(argv[1]);

return 0;

}

test.cpp:

#include <stdio.h>

int main()

{

char shellcode[]="Your provided shellcode";

printf("Address of Shellcode:%p\n",&shellcode);

char buffer[20];

//to put the address of shellcode at the correct position of buffer ( i ve stack randmoization on i thik so its not static) - in my case i thing it was "14"

//dont no the currect conversation:

*(long *)&buffer[14]=(long *)&shellcode;

execlp("./vuln", "vuln", buffer, NULL);

}

ant this worked fine: after execute (./test) I get a result like this:

Address of shellcode: 0xbffff0c0

and gdb says too that eip points to 0xbffff0c0

i think this looks good - does it?

anyway, i didnt get a new instance of the shell.

if think maybe the shellcode havnt worked.

greets michael!

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus