Posted: Thu Oct 22, 2009 10:55 pm Post subject: C Programming - Buffer Overflow Exploit
With the following C program:
Code:
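#include <stdio.h>
#include <string.h>

void func(char * str)
{
    char buff[16];
    strcpy(buff,str);   /* unbounded copy into a 16-byte buffer */
}
int main(int argc, char * argv[])
{
    int check = 1;
    func(argv[1]);      /* first command-line argument */
    if(check == 1)
    {
        printf("check should be 1 (%d)\n",check);
    } else
    {
        printf("check should not be 1 (%d)\n",check);
    }
    return 0;
}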
1. How would I mount a buffer overflow attack on the given program and corrupt the variable “check” with the value 25?
Such that after the buffer overflow attack the output of the program should be the following:
check should not be 1 (25)
2. How would I mount a buffer overflow attack on the given program and bypass the “if” condition?
Such that after the buffer overflow attack the output of the program should be the following:
check should not be 1 (1)
3. How would I increase the size of the buffer “buff” (to as much as you want) and mount a buffer overflow attack and make the program execute a shell (“/bin/bash”)?
I am just beginning to learn buffer overflow exploits, so any help and/or explanations would be much appreciated...
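An added example, not part of the original post: the copy from func rewritten so that input that does not fit the 16-byte buffer is rejected instead of being written past its end, which is the condition all three questions depend on. The names func_checked and BUFF_SIZE and the 0/-1 return convention are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUFF_SIZE 16   /* same size as buff in the posted program */

/* Hypothetical hardened counterpart of func(): copies str into the
 * fixed-size buffer only if it fits, terminator included.
 * Returns 0 on success, -1 if str is NULL or too long. */
int func_checked(const char *str)
{
    char buff[BUFF_SIZE];
    const char *end;
    size_t len;

    if (str == NULL)
        return -1;

    /* Look for the terminator within the first BUFF_SIZE bytes only. */
    end = memchr(str, '\0', BUFF_SIZE);
    if (end == NULL)
        return -1;                  /* no room for the '\0': reject */

    len = (size_t)(end - str);
    memcpy(buff, str, len + 1);     /* bounded copy, includes the '\0' */
    return buff[len] == '\0' ? 0 : -1;
}

int main(int argc, char *argv[])
{
    int check = 1;

    if (argc < 2 || func_checked(argv[1]) != 0) {
        fprintf(stderr, "argument missing or longer than %d bytes\n",
                BUFF_SIZE - 1);
        return 1;
    }
    if (check == 1)
        printf("check should be 1 (%d)\n", check);
    else
        printf("check should not be 1 (%d)\n", check);
    return 0;
}
```

Because the length is checked before any byte is written, `check` keeps its value regardless of the argument's length.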