r3k0j

Buffer overflow attack not going as intended

I was watching this video on YouTube: https://www.youtube.com/watch?v=1S0aBV-Waeo and I was trying to do the same steps shown in the video, but I can't seem to overwrite the EIP. I don't know if it's because gdb may have changed over the years, or if anything else has. What I get when I try to overflow is the following

Program received signal SIGSEGV, Segmentation fault.
0x080491ac in main (
    argc=<error reading variable: Cannot access memory at address 0x41414141>, 
    argv=<error reading variable: Cannot access memory at address 0x41414145>)
    at example.c:9
9   }

and not what you normally see in these buffer overflow exploit videos

Program received signal SIGSEGV, Segmentation fault.
0x0000414141414141 in ?? ()

I can't seem to overwrite the EIP, no matter how large my input is. The code is the same as shown in the video with a smaller buffer size.

#include <stdio.h>
#include <string.h>

int main(int argc, char** argv){
    char buffer[10];
    strcpy(buffer, argv[1]);

    return 0;
}

I also get asked the following when running my program in gdb for the first time.

This GDB supports auto-downloading debuginfo from the following URLs:
  <https://debuginfod.archlinux.org>
Enable debuginfod for this session? (y or [n]) 

This is the register info in gdb.

Breakpoint 2, 0x08049196 in main (argc=2, argv=0xffffd434) at example.c:6
6       strcpy(buffer, argv[1]);
(gdb) info reg
eax            0x804bff4           134529012
ecx            0xffffd380          -11392
edx            0xffffd356          -11434
ebx            0x804bff4           134529012
esp            0xffffd340          0xffffd340
ebp            0xffffd368          0xffffd368
esi            0xffffd440          -11200
edi            0xf7ffcb60          -134231200
eip            0x8049196           0x8049196 <main+48>
eflags         0x296               [ PF AF SF IF ]
cs             0x23                35
ss             0x2b                43
ds             0x2b                43
es             0x2b                43
fs             0x0                 0
gs             0x63                99
(gdb) x/20x $esp
0xffffd340: 0xffffd356  0xffffd676  0x00000000  0x0804917d
0xffffd350: 0xffffffff  0xf7d833d4  0xf7fc1380  0x00000000
0xffffd360: 0xffffd380  0xf7f95e2c  0x00000000  0xf7d96af9
0xffffd370: 0x00000000  0x00000000  0x080482e7  0xf7d96af9
0xffffd380: 0x00000002  0xffffd434  0xffffd440  0xffffd3a0
(gdb) c
Continuing.

Breakpoint 1, main (
    argc=<error reading variable: Cannot access memory at address 0x41414141>, 
    argv=<error reading variable: Cannot access memory at address 0x41414145>)
    at example.c:9
9   }

(gdb) x/20x $esp
0xffffd350: 0xffffffff  0x414133d4  0x41414141  0x41414141
0xffffd360: 0x41414141  0x41414141  0x41414141  0x41414141
0xffffd370: 0x41414141  0x41414141  0x41414141  0x41414141
0xffffd380: 0x41414141  0x41414141  0x41414141  0x41414141
0xffffd390: 0x41414141  0x41414141  0x41414141  0xffff0041
(gdb) info reg
eax            0x0                 0
ecx            0x41414141          1094795585
edx            0xffffd390          -11376
ebx            0x41414141          1094795585
esp            0x4141413d          0x4141413d
ebp            0x41414141          0x41414141
esi            0xffffd440          -11200
edi            0xf7ffcb60          -134231200
eip            0x80491ac           0x80491ac <main+70>
eflags         0x10286             [ PF SF IF RF ]
cs             0x23                35
ss             0x2b                43
ds             0x2b                43
es             0x2b                43
fs             0x0                 0
gs             0x63                99

I'm compiling with the following flags

gcc -o example2 -fno-stack-protector -no-pie -m32 -g -z execstack example2.c -w

Answers (0)
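Added example, not part of the question above and not the code from the linked video. The register dumps in the question already say what went wrong: gcc compiles a 32-bit main() with a stack-realigning prologue, and the matching epilogue restores esp from a saved copy of ecx and only then executes ret. The overflow clobbers that saved ecx, so after the crash ecx is 0x41414141, esp is 0x4141413d (ecx - 4), ebx and ebp are also 0x41414141, and eip is still inside main at main+70: ret faults reading its return address from 0x4141413d before the overwritten return address is ever popped. The program below puts the same strcpy in an ordinary function, whose epilogue is a plain leave; ret, so the overwritten return address actually reaches ret; beside it is the bounds-checked copy that removes the bug, and a cyclic-pattern generator plus offset finder (the Metasploit pattern_create / pattern_offset idea) that turns the value gdb reports in eip into the byte offset of the return address inside argv[1]. The names vulnerable_copy, bounded_copy, fits_in_buf, pattern_create and pattern_offset are this example's own, and the eip value 0x41316141 and the test strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE    10      /* same buffer size as the posted example.c */
#define PATTERN_MAX 20280   /* 26*26*10*3: every 4-byte window is unique up to here */

/* 1. Deliberately vulnerable: the posted strcpy, moved out of main().
 * gcc's 32-bit main() realigns the stack in its prologue and its epilogue
 * restores esp from a saved copy of ecx (lea esp,[ecx-4]; ret). The
 * overflow clobbers that saved ecx, so ret reads from ecx-4 and faults
 * before the overwritten return address is used, which is what the
 * question's dump shows (ecx=0x41414141, esp=0x4141413d, eip still in
 * main). An ordinary function ends with leave; ret, so the saved return
 * address on the stack is what ret pops. Call only with input you expect
 * to crash the process. */
void vulnerable_copy(const char *src) {
    char buffer[BUF_SIZE];
    strcpy(buffer, src);   /* no length check: writes past buffer */
}

/* 2. Hardened replacement: copy only if src and its NUL fit in dst.
 * Returns 0 on success, -1 (and an empty dst) if it would overflow. */
int bounded_copy(char *dst, size_t dstsz, const char *src) {
    size_t n = strlen(src);
    if (dstsz == 0) return -1;
    if (n >= dstsz) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Same check against a BUF_SIZE stack buffer: "would this argv[1] fit?" */
int fits_in_buf(const char *src) {
    char buffer[BUF_SIZE];
    return bounded_copy(buffer, sizeof buffer, src);
}

/* 3. Cyclic pattern "Aa0Aa1Aa2...Aa9Ab0Ab1..." (pattern_create idea).
 * Writes len bytes plus a NUL, so out needs len + 1 bytes; returns len. */
size_t pattern_create(char *out, size_t len) {
    size_t i = 0;
    for (int u = 'A'; u <= 'Z' && i < len; u++)
        for (int l = 'a'; l <= 'z' && i < len; l++)
            for (int d = '0'; d <= '9' && i < len; d++) {
                char triplet[3] = { (char)u, (char)l, (char)d };
                for (int k = 0; k < 3 && i < len; k++)
                    out[i++] = triplet[k];
            }
    out[i] = '\0';
    return i;
}

/* Given the value gdb reports in eip after feeding a pattern of len bytes,
 * return the byte offset where those four bytes (little-endian, as x86
 * stores them) start in the pattern, or -1 if they are not in it. */
long pattern_offset(uint32_t eip_value, size_t len) {
    static char pat[PATTERN_MAX + 1];
    if (len > PATTERN_MAX) len = PATTERN_MAX;
    size_t n = pattern_create(pat, len);
    unsigned char needle[4] = {
        (unsigned char)(eip_value & 0xffu),
        (unsigned char)((eip_value >> 8) & 0xffu),
        (unsigned char)((eip_value >> 16) & 0xffu),
        (unsigned char)((eip_value >> 24) & 0xffu),
    };
    for (size_t i = 0; i + 4 <= n; i++)
        if (memcmp(pat + i, needle, 4) == 0) return (long)i;
    return -1;
}

int main(int argc, char **argv) {
    char pat[101];
    pattern_create(pat, 100);
    printf("100-byte pattern: %s\n", pat);
    /* Constructed example: a crash reporting eip=0x41316141 ("Aa1A" read
     * little-endian) means the return address sits 3 bytes into the input. */
    printf("offset of 0x41316141: %ld\n", pattern_offset(0x41316141u, 100));
    printf("\"123456789\" fits in %d bytes: %s\n", BUF_SIZE,
           fits_in_buf("123456789") == 0 ? "yes" : "no");
    if (argc > 1)
        vulnerable_copy(argv[1]);   /* pass the printed pattern to crash it */
    return 0;
}
```

Build it with the same flags as in the question (gcc -m32 -fno-stack-protector -no-pie -g -z execstack), run it once without arguments to get the printed pattern, then run it under gdb with that pattern as argv[1]; the value gdb then shows in eip (or in the "0x... in ?? ()" line) goes into pattern_offset() to get the distance from the start of argv[1] to the return address of vulnerable_copy. -fno-stack-protector is what makes this reachable at all: with the canary enabled the process aborts with a stack smashing message before ret runs.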