
Using gdb to calculate return address

I'm currently doing a school project right now, and I'm lost on using gdb on ubuntu to find a buffer overflow vulnerability.

I've never used gdb before, but did a little bit of research on the internet and when I used the "disas main" command I was quite overwhelmed at what I was looking at.

I was wondering if someone can walk me through on how to debug this program or any other programs and show me how the return address is found.

I have this code here:

/* This program has a buffer overflow vulnerability. */
/* Our task is to exploit this vulnerability */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int bof(char *str)
{
    char buffer[12];
    /* The following statement has a buffer overflow problem:
       strcpy copies until the NUL byte, however long str is */
    strcpy(buffer, str);
    return 1;
}

int main(int argc, char **argv)
{
    char str[512];
    FILE *badfile;
    size_t n;

    badfile = fopen("badfile", "r");
    if (badfile == NULL) {
        perror("fopen badfile");
        return 1;
    }
    /* Read at most sizeof(str) - 1 bytes and NUL-terminate, so the read
       itself stays inside str; the overflow happens in bof(), not here */
    n = fread(str, sizeof(char), sizeof(str) - 1, badfile);
    str[n] = '\0';
    fclose(badfile);

    bof(str);
    printf("Returned Properly\n");
    return 1;
}

In the debugger you can see the disassembled code, just put a breakpoint at the ret operand of your function. When it stops, see the value of the esp register which points you to the stack address. Then explore the memory at this address and the first 4 (depending on your platform) bytes will give you the address which will be used to return to.
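As an added illustration, not part of the question or the answer above: the 12-byte buffer from the question's bof() next to a bounds-checked version, plus a helper that reports how many bytes a strcpy of a given input would write past the end of that buffer (those are the bytes that reach the saved return address the answer locates via esp). The names bytes_past_buffer and bof_safe and the sample inputs are my own.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 12   /* same size as buffer[12] in the question's bof() */

/* How many bytes strcpy(buffer, str) would write beyond a BUF_SIZE-byte
 * buffer (0 when the string plus its NUL terminator fit). Anything above
 * 0 starts overwriting whatever the compiler placed after buffer: padding,
 * the saved frame pointer, then the saved return address. */
size_t bytes_past_buffer(const char *str)
{
    size_t needed = strlen(str) + 1;          /* count the NUL too */
    return needed > BUF_SIZE ? needed - BUF_SIZE : 0;
}

/* Hardened replacement for bof(): rejects input that does not fit instead
 * of copying it. Returns the number of bytes copied (without the NUL), or
 * -1 when the input was refused. strnlen never scans more than BUF_SIZE
 * bytes, so even an unterminated input cannot make it read too far. */
int bof_safe(const char *str)
{
    char buffer[BUF_SIZE];
    size_t len = strnlen(str, BUF_SIZE);
    if (len >= BUF_SIZE) {
        return -1;                            /* would need len + 1 bytes */
    }
    memcpy(buffer, str, len + 1);             /* copies the NUL as well */
    return (int)strlen(buffer);
}

int main(void)
{
    /* Constructed inputs: 11 chars fit (11 + NUL = 12), 12 chars do not. */
    const char *fits = "hello world";
    const char *too_long = "hello world!";
    printf("\"%s\": %zu byte(s) past buffer, bof_safe -> %d\n",
           fits, bytes_past_buffer(fits), bof_safe(fits));
    printf("\"%s\": %zu byte(s) past buffer, bof_safe -> %d\n",
           too_long, bytes_past_buffer(too_long), bof_safe(too_long));
    return 0;
}
```

Building the original program with gcc's -fstack-protector makes such an overwrite abort at the ret with a stack-smashing error instead of returning into the overwritten bytes, which is a quick way to confirm the defect without reading the disassembly.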
