security - Writing a buffer overflow exploit


I understand there are quite a few tutorials on how to write a buffer overflow, but I still can't write my own.

The following is the C code I want to hack:

#include <stdio.h>
#include <stdlib.h>

static int x = 8;

void prompt(){
    char buf[100];

    gets(buf);
    printf("you entered: %s\n", buf);
}

int main(){
    prompt();

    return 0;
}

void target(){
    printf("haha! made it!\n");
    exit(0);
}

My goal is to execute the target() function via a buffer overflow exploit. Through trial and error, I've discovered that the minimum number of characters required to obtain a segmentation fault is 108 (therefore 107 characters do not cause a seg fault). I've disassembled the binary and found that target is executable at address 0x08048e7f.

I've flipped the byte order to compensate for endianness. --> 0x7f8e0408. I converted the hexadecimal to binary, then to ASCII, obtaining: & # 3 8 1 ; (ignore the spaces, Stack Overflow doesn't show it originally). Afterwards, I inserted the first 107 characters, and then Ž

Thus, the attack string is: iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiŽ This still gives me a segmentation fault. I've compiled it like so:

gcc ./vuln_program.c -fno-stack-protector -z execstack -static -o vuln_program 

And I have disabled protections beforehand like so:

sudo sysctl -w kernel.randomize_va_space=0 

I am using a 32-bit Ubuntu virtual machine.

Any ideas? Thank you.

Edit: I realized the output on the site is being read as weird characters. If you see a weird Z, it is 1) & 2) # 3) 3 4) 8 5) 1 6) ; in that exact order.
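The overflow in prompt() comes from gets(buf), which keeps writing past the 100-byte buf for any longer line. As an added example (not part of the original post), here is a bounded replacement for that read which rejects over-long lines instead of overrunning the buffer; read_line_bounded and demo are hypothetical names, and the input is constructed in memory with POSIX fmemopen().

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* fmemopen() is POSIX; used only by the demo */
#endif
#include <stdio.h>
#include <string.h>

/* Bounded replacement for gets(buf): reads one line into buf (capacity cap,
 * including the NUL). Returns the line length, -1 on EOF/error, or -2 if the
 * line did not fit; the unread remainder is then discarded. */
static long read_line_bounded(FILE *in, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';              /* complete line: strip the newline */
        return (long)(len - 1);
    }
    int c = fgetc(in);                    /* no newline stored: look one byte ahead */
    if (c == '\n' || c == EOF)
        return (long)len;                 /* line ended exactly at the buffer limit */
    while ((c = fgetc(in)) != '\n' && c != EOF)
        ;                                 /* drain the rest of the over-long line */
    return -2;
}

/* Constructed input: len filler bytes plus a newline, read into a 100-byte buf. */
static long demo(size_t len)
{
    char input[256], buf[100];
    if (len >= sizeof input) return -1;
    memset(input, 'i', len);
    input[len] = '\n';
    FILE *in = fmemopen(input, len + 1, "r");
    if (in == NULL) return -1;
    long r = read_line_bounded(in, buf, sizeof buf);
    fclose(in);
    return r;
}

int main(void)
{
    printf("20 bytes  -> %ld\n", demo(20));
    printf("99 bytes  -> %ld\n", demo(99));
    printf("108 bytes -> %ld\n", demo(108));
    return 0;
}
```

Compiling without -fno-stack-protector and -z execstack, and leaving kernel.randomize_va_space at its default, restores the mitigations the post turned off.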

