Previous Thread
Next Thread
Print Thread
Rate Thread
#17205 04/30/04 10:31 PM
Joined: Apr 2004
Posts: 2
N
newblet Offline OP
Junior Member
OP Offline
Junior Member
N
Joined: Apr 2004
Posts: 2
Hey,
I'm not sure if this should go in this forum or somewhere else, but here goes. I need some help writing a buffer overflow for a setuid binary. It basically allocates 256 bytes for a buffer and calls scanf(%s,buffer). I know that this function is exploitable, but I can't figure out how to send my shellcode+ret into the program.
Someone want to help me out? How do I get the program to read my overflow code?

Thanks

#17206 05/04/04 12:25 AM
Joined: Jun 2002
Posts: 62
Junior Member
Offline
Junior Member
Joined: Jun 2002
Posts: 62
understand assembly and how the code works the cpu. then you shall have your answer...


"Mrs. Jones, I'm sorry to inform you, but we've run the tests, and it appears that you have XP. Now don't cry - it's bad, but it's not a death sentence. Modern science has advanced in recent years, and it's now possible to live a reasonably happy life with XP. And there's a survivor's group that you'll want to meet as well."
#17207 05/13/04 01:03 AM
Joined: Apr 2004
Posts: 2
N
newblet Offline OP
Junior Member
OP Offline
Junior Member
N
Joined: Apr 2004
Posts: 2
Ummm...sorry, but that wasn't very helpful; I already know how everything about the overflows works. I already have the program that creates an environment variable containing the string that will spawn my shell. I can use it to spawn a shell from a program that uses strcpy() and receives the string from a parameter. I just don't know how to make a program that uses stdin instead of parameters. I've already tried sending my string into a file and dumping the file in. I've also tried echoing the variable and using | to send it into the program. Could the return address be different because of the scanf()?

Edit: spelling

#17208 05/18/04 02:17 PM
Joined: Mar 2002
Posts: 815
S
nobody
Offline
nobody
S
Joined: Mar 2002
Posts: 815
You can use a debugger to find the return address


Link Copied to Clipboard
Member Spotlight
Posts: 43
Joined: November 2002
Forum Statistics
Forums41
Topics33,840
Posts68,858
Average Daily Posts1
Members2,176
Most Online3,253
Jan 13th, 2020
Latest Postings
Where and how do you torrent?
by danni75 - 03/01/24 05:58 AM
Animation,
by JohanKaariainen - 08/15/19 01:18 AM
Blackbeard.....
by Gremelin - 10/03/18 07:02 PM
my old account still exists!
by Crime - 08/10/18 02:47 PM
Okay WTF?
by HenryMiring - 09/27/17 01:45 AM
The History Thread...
by Gremelin - 08/11/17 12:11 PM
My friend NEEDS your HELP!
by Lena01 - 07/21/17 12:06 AM
I'm having fun with this guy.
by gabithompson730 - 07/20/17 01:50 AM
I want to upgrade my phone
by gabithompson730 - 07/20/17 01:49 AM
Doom 3
by Cyrez - 09/11/14 08:58 PM
Amazon Gift Card Generator/KeyGen?te
by Gecko666 - 08/22/14 09:21 AM
AIM scene 99-03
by lavos - 09/02/13 08:06 AM
Planetside 2
by Crime - 03/04/13 07:10 AM
Beta Testers Wanted
by Crime - 03/04/13 06:55 AM
Hello Everyone
by Gremelin - 02/12/12 06:01 PM
Tracfone ESN Generator
by Zanvin Green - 01/18/12 01:31 PM
Python 3 issue
by Testing - 12/17/11 09:28 PM
tracfone airtime
by Drache86 - 07/30/11 03:37 AM
Backdoors and the Infinite
by ZeroCoolStar - 07/10/11 03:52 AM
HackThisZIne #12 Releaseed!
by Pipat2 - 04/28/11 09:20 PM
gang wars? l33t-wars?
by Gremelin - 04/28/11 05:56 AM
Consolidate Forums
by diggin2deep - 04/21/11 10:02 AM
LAN Hacking Noob
by Gremelin - 03/12/11 12:42 AM
Top Posters
UGN Security 41,392
Gremelin 7,203
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Likes Received
Ghost 2
unreal 1
Crime 1
Ice 1
Dartur 1
Powered by UBB.threads™ PHP Forum Software 7.7.5