mirror of
https://github.com/The-Art-of-Hacking/h4cker.git
synced 2024-10-01 01:25:43 -04:00
Buffer Overflow Example
This is an example of a very bad coding practice that introduces a buffer overflow. The purpose of this code is to serve as a demonstration and exercise for The Art of Hacking Series and live training.
```c
#include <stdio.h>

/* Never called from main() or echo(). */
void secretFunction()
{
    printf("Omar's Crappy Function\n");
    printf("This is a super secret function!\n");
}

void echo()
{
    char buffer[20];                 /* fixed 20-byte buffer on the stack */

    printf("Please enter your name:\n");
    scanf("%s", buffer);             /* intentionally unbounded: no field width */
    printf("You entered: %s\n", buffer);
}

int main()
{
    echo();
    return 0;
}
```
The `char buffer[20];` is a really bad idea: `scanf("%s", buffer)` writes input of any length into those 20 bytes. The rest will be demonstrated in the course.
You can compile this code or use the already-compiled binary here.
For 32 bit systems you can use gcc as shown below:

```
gcc vuln.c -o vuln -fno-stack-protector
```

For 64 bit systems:

```
gcc vuln.c -o vuln -fno-stack-protector -m32
```

`-fno-stack-protector` disables the stack protection. Smashing the stack is now allowed. `-m32` makes sure that the compiled binary is 32 bit. You may need to install some additional libraries to compile 32 bit binaries on 64 bit machines.
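For contrast with `echo()` above, here is a bounded version of the same read. This is an added example, not code from the original repository: `read_name`, `read_status` and `read_name_from_string` are names chosen here, and the inputs in `main` are constructed.

```c
/* Added example, not code from the h4cker repository. */
#include <stdio.h>
#include <string.h>

enum { NAME_BUF = 20 };  /* same size as buffer[20] in echo() */
typedef enum { READ_EOF = -1, READ_OK = 0, READ_TOO_LONG = 1 } read_status;

/* Read one line into buf, writing at most `size` bytes including the NUL.
 * An over-long line is rejected and its unread remainder is discarded. */
read_status read_name(FILE *in, char *buf, size_t size)
{
    if (size == 0) return READ_EOF;
    buf[0] = '\0';
    if (fgets(buf, (int)size, in) == NULL) return READ_EOF;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {            /* the whole line fit */
        buf[len] = '\0';
        return READ_OK;
    }
    int c = fgetc(in);                 /* buffer filled, no newline seen yet */
    if (c == EOF || c == '\n') return READ_OK;   /* exactly size-1 chars */
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                              /* drain the rest of the long line */
    buf[0] = '\0';
    return READ_TOO_LONG;
}

/* Demo helper: run a constructed input string through read_name(). */
read_status read_name_from_string(const char *input, char *buf, size_t size)
{
    FILE *f = tmpfile();
    if (f == NULL) return READ_EOF;
    fputs(input, f);
    rewind(f);
    read_status st = read_name(f, buf, size);
    fclose(f);
    return st;
}

int main(void)
{
    char buffer[NAME_BUF];
    /* Constructed inputs: a normal name and one longer than 19 characters. */
    const char *in[] = { "Omar\n", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" };
    for (int i = 0; i < 2; i++) {
        read_status st = read_name_from_string(in[i], buffer, sizeof buffer);
        printf("status=%d name=\"%s\"\n", (int)st, buffer);
    }
    return 0;
}
```

A field width such as `scanf("%19s", buffer)` also bounds the write, but it truncates silently and leaves the excess input in `stdin` for the next read.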