ismaelvazquezjr

BOF Vulnerable App

Oct 20th, 2019
  1. ; *************************************************************************
  2. ; 32-bit Windows Console Buffer Overflow Program
  3. ; Created by Ismael Vazquez (@iamismael_)
  4. ; *************************************************************************
  5.                                    
.386                    ; Enable 80386+ instruction set (32-bit code; this file is for ml, not ml64)
.model flat, stdcall    ; Flat 32-bit memory model; PROCs default to stdcall (callee removes args). ml64 has no .model
option casemap: none    ; Symbol names are case SENSITIVE (casemap:none); needed so imported names match the .inc files
  9.  
  10. ; *************************************************************************
  11. ; MASM32 proto types for Win32 functions and structures
  12. ; *************************************************************************  
  13. include c:\masm32\include\kernel32.inc
  14. include c:\masm32\include\masm32.inc
  15. include c:\masm32\include\msvcrt.inc
  16.          
  17. ; *************************************************************************
  18. ; MASM32 object libraries
  19. ; *************************************************************************  
  20. includelib c:\masm32\lib\kernel32.lib
  21. includelib c:\masm32\lib\masm32.lib
  22. includelib c:\masm32\lib\msvcrt.lib
  23.  
  24. ; *************************************************************************
  25. ; External function definitions
  26. ; *************************************************************************
; char *strcpy(char *dst, const char *src)  -- from msvcrt.lib
; Declared with the C (cdecl) convention: arguments are pushed right-to-left
; and the CALLER removes them, which is why Main does `add esp, 08h` after
; `call strcpy`. strcpy takes no length and stops only at the source NUL,
; so it never checks the size of dst -- that is the defect this demo exercises.
strcpy proto C, :DWORD, :DWORD
  28.  
  29. ; *************************************************************************
  30. ; Our data section. Here we declare our strings for our message
  31. ; *************************************************************************
.data
; Oversized input that stands in for a command-line argument: 72 bytes plus
; the terminating NUL, copied by Main into a 16-byte stack buffer. The
; distinct A / B / C runs make it visible in a debugger which source bytes
; land on which stack slots after the copy. Kept byte-exact: the length is
; the whole point of the sample.
arg1 db "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBCCCCC", 00h
  34.  
  35. ; *************************************************************************
  36. ; Our executable assembly code starts here in the .code section
  37. ; *************************************************************************
  38. .code
  39.  
  40. start:
  41.     Main Proc
  42.         ; function prologue
  43.         push ebp
  44.         mov ebp, esp
  45.        
  46.         ; add 20 bytes of stack space for local variables
  47.         ; 4 = DWORD
  48.         ; 16  = char array
  49.         sub esp, 014h
  50.  
  51.         ; int var1 = 0x1337
  52.         mov dword ptr [esp], 01337h
  53.  
  54.         ; Load the address of ESP(minus the 4 bytes we reserved for our DWORD) into EAX
  55.         lea eax, dword ptr [esp + 04h]
  56.  
  57.         ; Mimicking command line argument(72 bytes long)
  58.         push offset arg1
  59.         ; pass our destination buffer to strcpy
  60.         push eax
  61.         call strcpy
  62.  
  63.         ; clear arguments to strcpy off the stack
  64.         add esp, 08h
  65.  
  66.         ; function epilogue
  67.         pop ebp
  68.         mov esp, ebp
  69.    
  70.         ; exit
  71.         push 0h
  72.         call ExitProcess
  73.         ret
  74.     Main EndP
  75. end start