Created
July 1, 2021 19:54
-
-
Save gmelodie/e331107f6a1dfb8a95c1658f78def510 to your computer and use it in GitHub Desktop.
Buffer Overflows (MLH show and tell)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| int main() { | |
| char buffer[5]; | |
| printf("Name: "); | |
| scanf("%s", buffer); | |
| printf("Hello %s!\n", buffer); | |
| return 0; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| int main() { | |
| char buffer[1024]; | |
| printf("Name: "); | |
| scanf("%s", buffer); | |
| printf("Hello %s!\n", buffer); | |
| return 0; | |
| } | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. stack1 (C, trash trick) | |
| 2. stack (buffer) | |
| 3. bof1 (segfault) | |
| 4. stack (eip) | |
| 5. bof2 (controlling eip) | |
| xtra: ASLR, canary | |
| msf_pattern-create -l 1200 | |
| msf_pattern-offset -l 1200 -q <your_eip> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| all: clean stack1 bof1 | |
| stack1: clean | |
| gcc stack1.c -o stack1 | |
| bof1: clean | |
| echo 0 | sudo tee /proc/sys/kernel/randomize_va_space | |
| gcc bof1.c -fno-stack-protector -o bof1 | |
| bof2: clean | |
| echo 0 | sudo tee /proc/sys/kernel/randomize_va_space | |
| gcc bof2.c -fno-stack-protector -o bof2 | |
| clean: | |
| echo 2 | sudo tee /proc/sys/kernel/randomize_va_space | |
| rm -f stack1 | |
| rm -f bof1 | |
| rm -f bof2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| int sum3and4() { | |
| int a = 3; | |
| int b = 4; | |
| return a+b; | |
| } | |
| int print_trash() { | |
| int a, b; | |
| printf("Hello from print_trash\n"); | |
| printf("a: %d\n", a); | |
| printf("b: %d\n", b); | |
| return 0; | |
| } | |
| int main() { | |
| print_trash(); | |
| /* sum3and4(); */ | |
| /* printf("Should be seven -> %d\n", sum3and4()); */ | |
| /* print_trash(); */ | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment