Vulnerability Development mailing list archives
exploit coding
From: roland kwitt <sniper () f1lesystem net>
Date: Sun, 17 Jun 2001 21:34:13 +0200 (CEST)
hi folks, here i am again with a question on writing exploits! my problem is that in the last exploit i wrote, the buffer i overflowed was the first variable in the program, so it was not difficult to guess the offset. now i found a buffer overflow problem in a little program my friend wrote, a dynamic dns entry updater (runs as setuid root). the variable is now no longer in first place.

in my last exploit i used the function sp() to get the stack pointer and wanted the user to enter the offset. now i calculated the return address by subtracting the offset from the stack pointer. generally the value 0 was ok for the offset and my exploit worked as i wanted it.

can anybody tell me how i can guess the offset and how to calculate the return address if the variable is not the first one in the program?

piece of code from an exploit!!

offset = atoi(argv[1]);
esp = sp();        /* get stack pointer */
ret = esp - offset;

thanks, sniper
sniper () f1lesystem net
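Added example, not code from the post or from the friend's updater: the bug class the post describes is a setuid program copying an argument into a fixed-size stack buffer. The compiler decides where that buffer sits relative to the other locals and the saved return address, which is why the distance changes when the variable is no longer declared first. The maintainer's fix removes the dependence on layout entirely by bounding the copy. The function names, the 64-byte buffer size and the assumption that the argument is a hostname are all constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for the example: the hostname argument is copied into
 * a fixed 64-byte stack buffer. Size and name are not from the post. */
#define HOST_MAX 64

/* Vulnerable pattern: strcpy() does not know how big 'host' is, so an
 * argument longer than HOST_MAX - 1 bytes writes past the buffer into
 * whatever the compiler placed after it (other locals, saved registers,
 * the return address). This is the defect the post is describing. */
int update_entry_unsafe(const char *arg)
{
    char host[HOST_MAX];
    strcpy(host, arg);            /* unbounded copy */
    return (int)strlen(host);
}

/* Hardened version: measure the argument within the destination size
 * before copying. Returns the copied length, or -1 when it does not fit.
 * memchr() stops at out_size, so a missing terminator in 'arg' cannot
 * cause a read past the intended limit either. */
int update_entry_safe(const char *arg, char *out, size_t out_size)
{
    const char *nul = memchr(arg, '\0', out_size);
    if (nul == NULL)              /* no terminator within out_size: too long */
        return -1;
    size_t n = (size_t)(nul - arg);
    memcpy(out, arg, n + 1);      /* n + 1 copies the terminator as well */
    return (int)n;
}

/* Same stack layout as the unsafe version, but using the bounded copy. */
int update_entry(const char *arg)
{
    char host[HOST_MAX];
    return update_entry_safe(arg, host, sizeof host);
}

int main(int argc, char **argv)
{
    /* constructed default input so the program runs without arguments */
    const char *arg = argc > 1 ? argv[1] : "example.dyndns.test";
    int n = update_entry(arg);
    if (n < 0) {
        fprintf(stderr, "hostname too long (max %d bytes)\n", HOST_MAX - 1);
        return 1;
    }
    printf("updated entry for %s (%d bytes)\n", arg, n);
    return 0;
}
```

The unsafe function is kept only for comparison and is never called with over-long input here; the point is that the safe path returns an error for any argument of HOST_MAX bytes or more instead of letting the stack layout decide what gets overwritten.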
Current thread:
- exploit coding roland kwitt (Jun 18)
- Re: exploit coding Sebastian (Jun 18)
- <Possible follow-ups>
- Re: Exploit Coding Don Tansey (Jun 18)
- Re: exploit coding ConKing (Jun 18)
- Re: exploit coding Olivier Gay (Jun 19)