[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why this wont work



Well, for various reasons...
The first being that your exploit doesn't even compile.


main (void) {
char buffer[1032]; /* 1024 + 8 */
int offset,i,ret;
char *ptr,*ptr2;


Things such as main() void when it should be void main() .


help () {
fprintf ("Usage: %s <offset>\n",argv[0]);
exit(0);
}


Function declarations inside main....


for (i=0;i<strlen(buffer);i++) {
  buffer[i]=0x00;
}


Putting NULLs into a shellcode is a major no-no. NULL= 0x00

Probably a couple of other reasons too.
I think _(but not sure)_ that since there is no printf or something after your strcpy, that you have to overwrite .dtors section.
AND if you are using gcc > 2.95 (or something like that) it wont work.

Another thing that will help you, is if you overflow 100 more than necessary (instead of just 8). And last thing that I can think of... It appears to me that you are using shell code that will run a shell Sometimes it is necessary to use shellcode that will just execute a program... instead of prompting for a shell. Also... sometimes shellcode can be specific to the computer you are running (because of addresses).

You might also have to brute force your return address... movl %esp,%eax might not be enough.

Have fun coding!!

Try reading smashing the stack for fun and profit and any other buffer overflow paper you can get a hold of.

A good wargame that will help you learn to write exploits can be found at:
http://kamikaza.ffk.hr/wargame/