Your browser does not seem to support CSS. If images appear below, please disregard them.
It appears that you're running an Ad-Blocker. This site is monetized by Advertising and by ">User Donations; we ask that if you find this site helpful that you whitelist us in your Ad-Blocker, or make a ">Donation to help aid in operating costs.
Previous Thread
Next Thread
Print Thread
Rate This Thread
#17205 - 05/01/04 05:31 AM A simple buffer overflow  
Joined: Apr 2004
Posts: 2
newblet Offline
Junior Member
newblet  Offline
Junior Member

Joined: Apr 2004
Posts: 2
I'm not sure if this should go in this forum or somewhere else, but here goes. I need some help writing a buffer overflow for a setuid binary. It basically allocates 256 bytes for a buffer and calls scanf(%s,buffer). I know that this function is exploitable, but I can't figure out how to send my shellcode+ret into the program.
Someone want to help me out? How do I get the program to read my overflow code?


Sponsored Links
#17206 - 05/04/04 07:25 AM Re: A simple buffer overflow  
Joined: Jun 2002
Posts: 62
UndeadBob Offline
Junior Member
UndeadBob  Offline
Junior Member

Joined: Jun 2002
Posts: 62
understand assembly and how the code works the cpu. then you shall have your answer...

"Mrs. Jones, I'm sorry to inform you, but we've run the tests, and it appears that you have XP. Now don't cry - it's bad, but it's not a death sentence. Modern science has advanced in recent years, and it's now possible to live a reasonably happy life with XP. And there's a survivor's group that you'll want to meet as well."
#17207 - 05/13/04 08:03 AM Re: A simple buffer overflow  
Joined: Apr 2004
Posts: 2
newblet Offline
Junior Member
newblet  Offline
Junior Member

Joined: Apr 2004
Posts: 2
Ummm...sorry, but that wasn't very helpful; I already know how everything about the overflows works. I already have the program that creates an environment variable containing the string that will spawn my shell. I can use it to spawn a shell from a program that uses strcpy() and receives the string from a parameter. I just don't know how to make a program that uses stdin instead of parameters. I've already tried sending my string into a file and dumping the file in. I've also tried echoing the variable and using | to send it into the program. Could the return address be different because of the scanf()?

Edit: spelling

#17208 - 05/18/04 09:17 PM Re: A simple buffer overflow  
Joined: Mar 2002
Posts: 815
sinetific Offline
sinetific  Offline

Joined: Mar 2002
Posts: 815
Ann Arbor
You can use a debugger to find the return address

Member Spotlight
Portland, OR; USA
Posts: 7,198
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Average Daily Posts3
Most Online1,567
Apr 25th, 2010
Latest Postings
shopping for jewelry with something above
by mikejoey on 04/12/17 08:01 AM
PANDORA North The usa
by mikejoey on 04/12/17 07:38 AM
Pandora’s birthstone products will always
by mikejoey on 04/12/17 07:14 AM
the newest Pandora necklaces crafting facility
by mikejoey on 04/12/17 06:53 AM
an Air Jordan 4 by Off White is in
by mikejoey on 04/12/17 06:35 AM
belonging to the adidas NMD XR1
by mikejoey on 04/12/17 05:50 AM
Other detailsThe adidas Originals Celebrity
by mikejoey on 04/12/17 05:35 AM
The DNA on the NMD model is actually
by mikejoey on 04/12/17 05:18 AM
in which adidas NMD XR1 “Zebra” supplying
by mikejoey on 04/12/17 04:05 AM
by Gremelin on 01/14/17 07:03 PM
Top Posters(All Time)
UGN Security 41,138
Gremelin 7,198
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Liked Users (All Time)
§intå× Likes: 3
Black Beard Likes: 1
Cold Sunn Likes: 1
Crime Likes: 1
Cyrez Likes: 1
fleshwound Likes: 1
Ghost Likes: 2
Gremelin Likes: 12
Ice Likes: 1
ninjaneo Likes: 1
Top Liked Users (30 Days)
No Data Found
Powered by UBB.threads™ PHP Forum Software 7.6.0
(Snapshot build 20170206)