UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
Sponsored Links
Latest Postings
by Gremelin
Yesterday at 06:01 PM
Latest Reviews
Topic Options
Rate This Topic
#17205 - 04/30/04 10:31 PM A simple buffer overflow
newblet Offline
Junior Member

Registered: 04/30/04
Posts: 2
Loc: USA
I'm not sure if this should go in this forum or somewhere else, but here goes. I need some help writing a buffer overflow for a setuid binary. It basically allocates 256 bytes for a buffer and calls scanf(%s,buffer). I know that this function is exploitable, but I can't figure out how to send my shellcode+ret into the program.
Someone want to help me out? How do I get the program to read my overflow code?


Sponsored Links
#17206 - 05/04/04 12:25 AM Re: A simple buffer overflow
UndeadBob Offline
Junior Member

Registered: 06/11/02
Posts: 62
Loc: UK
understand assembly and how the code works the cpu. then you shall have your answer...
"Mrs. Jones, I'm sorry to inform you, but we've run the tests, and it appears that you have XP. Now don't cry - it's bad, but it's not a death sentence. Modern science has advanced in recent years, and it's now possible to live a reasonably happy life with XP. And there's a survivor's group that you'll want to meet as well."

#17207 - 05/13/04 01:03 AM Re: A simple buffer overflow
newblet Offline
Junior Member

Registered: 04/30/04
Posts: 2
Loc: USA
Ummm...sorry, but that wasn't very helpful; I already know how everything about the overflows works. I already have the program that creates an environment variable containing the string that will spawn my shell. I can use it to spawn a shell from a program that uses strcpy() and receives the string from a parameter. I just don't know how to make a program that uses stdin instead of parameters. I've already tried sending my string into a file and dumping the file in. I've also tried echoing the variable and using | to send it into the program. Could the return address be different because of the scanf()?

Edit: spelling

#17208 - 05/18/04 02:17 PM Re: A simple buffer overflow
sinetific Offline

Registered: 03/02/02
Posts: 815
Loc: Ann Arbor
You can use a debugger to find the return address


Featured Member
Registered: 03/02/02
Posts: 137
Forum Stats
2158 Members
46 Forums
41514 Topics
76689 Posts

Max Online: 1567 @ 04/25/10 02:20 AM
Top Posters
UGN Security 34676
Gremelin 7194
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
Jan Havelles, Herbert_Sherbert, codemauve, Lillysdragon1984, Brewwit
2158 Registered Users
Who's Online
1 registered (Gremelin), 231 Guests and 318 Spiders online.
Key: Admin, Global Mod, Mod
Latest News

  Get Firefox!
Get FireFox!