Vulnerability Development mailing list archives
Re: Why this wont work
From: joe <moj0e () terra com br>
Date: Thu, 09 Oct 2003 11:00:43 -0300
Well, for various reasons... The first being that your exploit doesn't even compile.
main (void) { char buffer[1032]; /* 1024 + 8 */ int offset,i,ret;char *ptr,*ptr2;
Things such as main() void when it should be void main().
help () { fprintf ("Usage: %s <offset>\n",argv[0]); exit(0);}
Function declarations inside main....
for (i=0;i<strlen(buffer);i++) { buffer[i]=0x00;}
Putting NULLs into a shellcode is a major no-no (NULL = 0x00). Probably a couple of other reasons too. I think _(but not sure)_ that since there is no printf or something after your strcpy, you have to overwrite the .dtors section.
AND if you are using gcc > 2.95 (or something like that) it won't work. Another thing that will help you is if you overflow 100 more than necessary (instead of just 8). And the last thing that I can think of... It appears to me that you are using shellcode that will run a shell. Sometimes it is necessary to use shellcode that will just execute a program... instead of prompting for a shell. Also... sometimes shellcode can be specific to the computer you are running on (because of addresses).
You might also have to brute force your return address... movl %esp,%eax might not be enough.
Have fun coding!! Try reading Smashing the Stack for Fun and Profit and any other buffer overflow paper you can get hold of.
A good wargame that will help you learn to write exploits can be found at: http://kamikaza.ffk.hr/wargame/
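An added illustration of the 0x00 point made above; this is example code written for this archive page, not code from joe's post or from the original exploit. It shows why a string-based copy such as strcpy() drops everything after the first 0x00 byte, and gives a check for such bytes. The two sample byte arrays are constructed for the demonstration and are not shellcode.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed sample byte sequences (not shellcode): the first has a 0x00 byte
 * at index 4, the second has none. */
static const unsigned char sample_with_nul[]    = {0x41, 0x42, 0x43, 0x44, 0x00, 0x45, 0x46};
static const unsigned char sample_without_nul[] = {0x41, 0x42, 0x43, 0x44, 0x45, 0x46};

/* Return the index of the first 0x00 byte in buf, or -1 if there is none.
 * This is the check to run over any data before expecting a C string copy
 * to carry all of it. */
long first_nul_index(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] == 0x00)
            return (long)i;
    return -1;
}

/* Copy src through strcpy() into a local buffer, the way a string-based
 * copy in a program would, and return how many bytes arrived.
 * strcpy() stops at the first 0x00, so everything after it is lost. */
size_t bytes_surviving_strcpy(const unsigned char *src, size_t len)
{
    char staged[64];   /* the data as a NUL-terminated C string */
    char dest[64];     /* the destination the copy writes into */
    if (len >= sizeof staged)
        return 0;      /* keep the demonstration itself in bounds */
    memcpy(staged, src, len);
    staged[len] = '\0';
    strcpy(dest, staged);
    return strlen(dest);
}

int main(void)
{
    printf("first 0x00 at index %ld, %zu of %zu bytes survive strcpy\n",
           first_nul_index(sample_with_nul, sizeof sample_with_nul),
           bytes_surviving_strcpy(sample_with_nul, sizeof sample_with_nul),
           sizeof sample_with_nul);
    return 0;
}
```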