UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
Sponsored Links
Latest Postings
Latest Reviews
Topic Options
Rate This Topic
#17205 - 05/01/04 01:31 AM A simple buffer overflow
newblet Offline
Junior Member

Registered: 04/30/04
Posts: 2
Loc: USA
Hey,
I'm not sure if this should go in this forum or somewhere else, but here goes. I need some help writing a buffer overflow for a setuid binary. It basically allocates 256 bytes for a buffer and calls scanf(%s,buffer). I know that this function is exploitable, but I can't figure out how to send my shellcode+ret into the program.
Someone want to help me out? How do I get the program to read my overflow code?

Thanks

Top
Sponsored Links
      
#17206 - 05/04/04 03:25 AM Re: A simple buffer overflow
UndeadBob Offline
Junior Member

Registered: 06/11/02
Posts: 62
Loc: UK
understand assembly and how the code works the cpu. then you shall have your answer...
_________________________
"Mrs. Jones, I'm sorry to inform you, but we've run the tests, and it appears that you have XP. Now don't cry - it's bad, but it's not a death sentence. Modern science has advanced in recent years, and it's now possible to live a reasonably happy life with XP. And there's a survivor's group that you'll want to meet as well."

Top
#17207 - 05/13/04 04:03 AM Re: A simple buffer overflow
newblet Offline
Junior Member

Registered: 04/30/04
Posts: 2
Loc: USA
Ummm...sorry, but that wasn't very helpful; I already know how everything about the overflows works. I already have the program that creates an environment variable containing the string that will spawn my shell. I can use it to spawn a shell from a program that uses strcpy() and receives the string from a parameter. I just don't know how to make a program that uses stdin instead of parameters. I've already tried sending my string into a file and dumping the file in. I've also tried echoing the variable and using | to send it into the program. Could the return address be different because of the scanf()?

Edit: spelling

Top
#17208 - 05/18/04 05:17 PM Re: A simple buffer overflow
sinetific Offline
nobody

Registered: 03/02/02
Posts: 815
Loc: Ann Arbor
You can use a debugger to find the return address

Top

Featured Member
Registered: 03/02/02
Posts: 136
Forum Stats
2148 Members
46 Forums
35077 Topics
70247 Posts

Max Online: 1567 @ 04/25/10 05:20 AM
Top Posters
UGN Security 28239
Gremelin 7193
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
Tim050, Gecko666, defghi795767, Devo60, ali
2148 Registered Users
Who's Online
0 registered (), 439 Guests and 263 Spiders online.
Key: Admin, Global Mod, Mod
Latest News


Donate
  Get Firefox!
Get FireFox!