Compile without memory alignment in GCC

Tags: c, gcc

I'm testing a buffer overflow exploit, but when I compile my code, gcc uses memory alignment and the extra bytes added by the compiler force me to deal with this padding.

Is there a way to compile the code with gcc without padding?

This is the overflow achieved with padding but I want a clear view of it without compiler garbage:

(gdb) x/60x 0xbffff450
0xbffff450: 0xbffff460  0x00000001  0x00000000  0x00000001
0xbffff460: *0x41414141 0x41414141  0x41414141  0x41414141[buffer begins]
0xbffff470: 0x41414141  0x41414141  0x41414141  0x41414141
0xbffff480: 0x41414141  0x41414141  0x41414141  0x41414141
0xbffff490: 0x41414141  0x41414141  0x41414141  0x41414141*[buffer ends]
0xbffff4a0: 0x41414141  0x41414141  0x41414141 [0x0804851c][Return Address]

Regards

Edit:

This is the code I'm compiling:

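#include <stdio.h>
#include <string.h>   /* strcmp */
#include <unistd.h>   /* setreuid, execve */

char *secret = "pepito";

void go_shell(){
    char *shell = "/bin/sh";
    char *cmd[] = { "/bin/sh", 0 };
    printf("¿Quieres jugar a un juego?...\n");
    setreuid(0, 0);   /* setreuid takes both the real and the effective UID */
    execve(shell,cmd,0);
}

int authorize(){
    char password[64];
    printf("Escriba la contraseña: ");
    gets(password);   /* unbounded read into a 64-byte buffer: the overflow under test */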
    if (!strcmp(password,secret))
        return 1;
    else
        return 0;
}

int main(){
    if (authorize()){
        printf("Acceso permitido\n");
        go_shell();
    } else{
        printf("Acceso denegado\n");
    }
    return 0;
}

Nucklear asked Oct 15 '13 09:10


1 Answer

Yes, you need to adjust how gcc allocates stack space. By default, it attempts to keep the stack aligned on 16-byte boundaries since certain instructions (SSE*) require it. If you specify -mpreferred-stack-boundary=2 on the command line when you compile, gcc will keep the stack aligned to 2^2=4, which is what you were expecting since you are using a 32-bit environment.

Dwayne Towell answered Oct 20 '22 17:10
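
To put a number on the padding discussed above, this added example (not part of the original question or answer) parses the gdb dump from the question and splits the filled span into buffer, alignment padding and saved frame pointer. It assumes a 32-bit frame-pointer frame in which the saved EBP sits directly below the return address; the function names are hypothetical.

```python
import re

# The x/60x output exactly as posted in the question, annotations included.
DUMP = """\
0xbffff450: 0xbffff460  0x00000001  0x00000000  0x00000001
0xbffff460: *0x41414141 0x41414141  0x41414141  0x41414141[buffer begins]
0xbffff470: 0x41414141  0x41414141  0x41414141  0x41414141
0xbffff480: 0x41414141  0x41414141  0x41414141  0x41414141
0xbffff490: 0x41414141  0x41414141  0x41414141  0x41414141*[buffer ends]
0xbffff4a0: 0x41414141  0x41414141  0x41414141 [0x0804851c][Return Address]
"""

WORD = 4  # bytes per word on the 32-bit target used in the question


def parse_words(dump):
    """Return [(address, value)] for every 32-bit word in gdb `x/Nx` output."""
    words = []
    for line in dump.splitlines():
        m = re.match(r"\s*(0x[0-9a-fA-F]+)[^:]*:\s*(.*)", line)
        if not m:
            continue  # prompt lines and anything without an address column
        base = int(m.group(1), 16)
        for i, tok in enumerate(re.findall(r"0x[0-9a-fA-F]+", m.group(2))):
            words.append((base + i * WORD, int(tok, 16)))
    return words


def frame_layout(dump, buf_len, fill=0x41414141):
    """Account for every byte between the buffer start and the return slot.

    Assumption: the first non-fill word after the fill run is the return
    address, and the word just below it held the saved EBP.
    """
    words = parse_words(dump)
    start = next(i for i, (_, v) in enumerate(words) if v == fill)
    end = next(i for i in range(start, len(words)) if words[i][1] != fill)
    buf_addr, ret_slot = words[start][0], words[end][0]
    span = ret_slot - buf_addr
    return {
        "buffer_start": buf_addr,
        "return_slot": ret_slot,
        "span": span,                        # bytes from buffer to return slot
        "padding": span - buf_len - WORD,    # what alignment added
        "buffer_16_aligned": buf_addr % 16 == 0,
    }


if __name__ == "__main__":
    print(frame_layout(DUMP, buf_len=64))
```

For the posted dump the 64-byte buffer is followed by 8 bytes that belong to neither the buffer nor the saved EBP, and the buffer starts on a 16-byte boundary, which matches the default alignment the answer describes.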