
I'm learning buffer overflow exploiting. I wrote a vulnerable program like this:

#include <stdio.h>
#include <string.h>

/* Deliberately vulnerable: argv[1] is copied into an 80-byte stack buffer
   with no length check, so a longer argument overwrites what lies above it
   on the stack, including the saved return address. */
int main(int argc, char *argv[])
{
    char buffer[80];
    strcpy(buffer, argv[1]);
    return 1;
}

Very simple program. The idea is to overwrite the return address that's used to return to the libc function start_main. Everything went fine and I used GDB to verify that the return address is overwritten with the right address that points to the shellcode in the memory.

But when I'm supposed to get a shell this appears:

Program received signal SIGSEGV, Segmentation fault. 0xbffff178 in ?? ()

0xbffff178 is the overwritten return address, and I'm pretty sure it does point to the shellcode. Any help?

– Peter (edited by isedev)


You probably have a no-execute stack, which prohibits code from being executed from certain address ranges. You need to compile with -z execstack to force the stack to be executable.

– nneonneo

Comments:
  • How could the stack require execution rights if all that is being changed there is the return address to a different function? – Alexis Wilke Feb 27 '14 at 04:32
  • He's writing both the return address and the shellcode to the string buffer, which lives on the stack. – nneonneo Feb 27 '14 at 05:11
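A way to confirm which case a compiled binary is in, as an added example that is not part of this question or its answer: the script below parses the ELF program headers and reports whether the PT_GNU_STACK entry (the one `-z execstack` changes, shown by `readelf -lW` as the GNU_STACK line with `RW` or `RWE`) requests an executable stack. The constructed header bytes in `build_minimal_elf64` are an assumption made only so the parser can be exercised offline; they are not a loadable program.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type carrying the stack permission request
PF_X = 0x1                 # execute bit in p_flags

def stack_is_executable(elf):
    """True if PT_GNU_STACK asks for an executable stack (what -z execstack
    produces), False if it asks for a non-executable one, None if the header
    is absent (old toolchains; the kernel then applies its own default)."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    end = "<" if elf[5] == 1 else ">"            # EI_DATA: 1 = little endian
    if elf[4] == 2:                              # EI_CLASS: 2 = ELF64
        (e_phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
        ph_fmt, flags_idx = end + "IIQQQQQQ", 1  # p_flags is the 2nd field
    elif elf[4] == 1:                            # EI_CLASS: 1 = ELF32
        (e_phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x2A)
        ph_fmt, flags_idx = end + "IIIIIIII", 6  # p_flags is the 7th field
    else:
        raise ValueError("unknown ELF class")
    for i in range(e_phnum):
        fields = struct.unpack_from(ph_fmt, elf, e_phoff + i * e_phentsize)
        if fields[0] == PT_GNU_STACK:
            return bool(fields[flags_idx] & PF_X)
    return None

def build_minimal_elf64(stack_flags):
    """Constructed test input (not a loadable binary): an ELF64 header plus a
    single PT_GNU_STACK program header carrying the given p_flags."""
    e_ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)   # ELF64, little endian, v1
    ehdr = e_ident + struct.pack("<HHIQQQIHHHHHH",
                                 2, 0x3E, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        verdict = stack_is_executable(f.read())
    print({True: "executable stack", False: "NX stack", None: "no PT_GNU_STACK"}[verdict])
```

Run it as `python3 check_stack.py ./vuln` on the binary from the question: a build without `-z execstack` reports "NX stack", which is the case where a return into shellcode on the stack faults exactly as described.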