cyber-security-resources/buffer_overflow_example
2021-08-18 16:02:32 -04:00
..
demeter Create prep.md 2021-03-18 21:26:13 -04:00
additional_examples.md Create additional_examples.md 2020-09-03 22:23:39 -04:00
arm.md Create arm.md 2021-08-18 16:02:32 -04:00
bad_code.c adding buffer overflow example 2018-02-15 18:27:16 -05:00
BufferOverFlow.png Add files via upload 2021-02-22 13:13:03 -05:00
mitigations.md Create mitigations.md 2021-07-17 11:56:53 -04:00
README.md Update README.md 2019-01-16 14:29:29 -05:00
registers.md Update registers.md 2018-06-26 21:58:59 -04:00
stack_after_buffer_overflow.png Add files via upload 2021-02-22 14:50:30 -05:00
strcpy_example2.c Create strcpy_example2.c 2021-02-22 12:52:50 -05:00
strcpy_example.c Create strcpy_example.c 2021-02-22 13:21:15 -05:00
strcpy_example.md Update strcpy_example.md 2021-02-22 17:23:20 -05:00
vuln_program Add files via upload 2018-06-26 22:28:57 -04:00

Buffer Overflow Example

This is an example of a very bad coding practices that introduces a buffer overflow. The purpose of this code is to serve as a demonstration and exercise for The Art of Hacking Series and live training

#include <stdio.h>

void secretFunction()
{
    printf("Omar's Crappy Function\n");
    printf("This is a super secret function!\n");
}

void echo()
{
    char buffer[20];

    printf("Please enter your name:\n");
    scanf("%s", buffer);
    printf("You entered: %s\n", buffer);    
}

int main()
{
    echo();

    return 0;
}

The char buffer[20]; is a really bad idea. The rest will be demonstrated in the course.

You can compile this code or use the already-compiled binary here.

For 32 bit systems you can use gcc as shown below:

gcc vuln.c -o vuln -fno-stack-protector

For 64 bit systems

gcc vuln.c -o vuln -fno-stack-protector -m32

-fno-stack-protector disabled the stack protection. Smashing the stack is now allowed. -m32 made sure that the compiled binary is 32 bit. You may need to install some additional libraries to compile 32 bit binaries on 64 bit machines.