
How can I exploit a segfault and run a shell command?

Following this: How can I exploit a buffer overflow?

I have code compiled using -fno-stack-protector:

#include <stdio.h>

/* Never called directly; the goal is to redirect control flow here. */
void shellcode(){
    printf("\n Reached shellcode!");
}

int main(int argc, char **argv){
    char buf[3];                  /* 3-byte stack buffer */
    sprintf(buf, "%s", argv[1]);  /* unbounded copy of argv[1]: the overflow */
    return 0;
}

but I am unable to execute the shellcode function.

Like in that post, I am using:

python -c 'print "A"*27+"\x49\x11\x00\x00\x00\x00\x00\x00"' > input
./a < input

I get a segfault at:

./a 12345678901
Segmentation fault (core dumped)

but nothing happens.

My main goal is to execute ls on Linux instead of the shellcode function, but right now nothing works.

There are two potential problems here:

  1. By using sprintf(.., argv[1]), you seem to be expecting input from argv. But ./a < input directs the file to STDIN.

  2. ASLR could screw your exploit up. Meaning that you don't know if the address is correct.

It's very difficult to answer such questions without having the binary (a) itself, or at least the Makefile.

If I were you, I would work with a debugger (GDB is great) until the exploit works. But it's worth noting that with ASLR, it would be tough.
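For readers coming to this thread from the defensive side, here is an added example (not code from either the question or the answer) showing the fix for the program in the question: the unbounded sprintf into a 3-byte stack buffer is replaced by a bounded copy that reports truncation, and the missing argc check from the answer's first point is handled, so the program neither overflows nor dereferences a NULL argv[1] when run as ./a < input. The function name copy_arg_bounded and its return codes are this example's own conventions.

```c
#include <stdio.h>
#include <string.h>

/* Added example: a bounds-checked replacement for the post's
 * `sprintf(buf, "%s", argv[1])`. The original writes an unbounded string
 * into a 3-byte stack buffer, which is the overflow being discussed.
 * This version never writes past `dstsz` bytes and reports what happened
 * so the caller can decide how to treat truncated input.
 *
 * Return values (a convention chosen for this example):
 *   -1  src (or dst) was NULL, e.g. the program was run with no argument
 *    0  src fit entirely; dst holds an exact copy
 *    1  src was truncated to fit; dst holds the first dstsz-1 bytes
 */
int copy_arg_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';            /* leave a valid empty string on any error */
    if (src == NULL)
        return -1;

    /* snprintf always NUL-terminates and never writes more than dstsz
     * bytes; its return value is the length the full output would have
     * had, which tells us whether truncation occurred. */
    int needed = snprintf(dst, dstsz, "%s", src);
    if (needed < 0)
        return -1;
    return ((size_t)needed >= dstsz) ? 1 : 0;
}

/* Mirrors the post's main(): the data comes from argv[1], not from stdin,
 * which is why `./a < input` never feeds the payload to the copy in the
 * original program. An absent argument is handled here instead of
 * dereferencing a NULL pointer. */
int main(int argc, char **argv)
{
    char buf[3];              /* same tiny buffer as in the post */

    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 2;
    }

    int rc = copy_arg_bounded(buf, sizeof buf, argv[1]);
    if (rc == 1)
        fprintf(stderr, "input truncated to %zu bytes: \"%s\"\n",
                sizeof buf - 1, buf);
    else
        printf("copied: \"%s\"\n", buf);
    return 0;
}
```

Compiled without -fno-stack-protector and run as ./a 12345678901, this prints a truncation warning instead of crashing; the 3-byte buffer is kept deliberately small so the truncation path is exercised on the same input that segfaults the original.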

粤ICP备18138465号  © 2020-2024 STACKOOM.COM