缓冲区溢出 - 未获得正确的输出
Shell 代码打印主机名(bin/hostname)。但是当我执行代码时,它以相反的顺序显示路径,但不打印主机名。 我实际上正在做缓冲区溢出。 我正在使用 freebsd intel 机器。 这是我的代码,
你能找出错误在哪里吗?
//Prog 1
#include<stdio.h>
main()
{
char shellcode[]= “\x31\xc0\x50\x68\x6e\x61\x6d\x65\x68\x68\x6f\x73\x74\x68\x62
\x69\x6e\x2f\x68\x2f\x2f\x2f\x2f\x89\xe3\x50\x54\x53\xb0\x3b
\x50\xcd\x80”;
int i;
char buf[108];
i=strlen(shellcode);
printf(“%d”,i);
strcpy(buf,shellcode);
for(i=36;i<104:i++)
{
buf[i]='b';
}
buf[104]='\x2c';
buf[105]='\xfa';
buf[106]='\xbf';
buf[107]='\xbf';
printf(“%s”,buf);
return 0;
}
上面的程序被注入到下面的程序中......所以它创建了缓冲流并打印主机名
#include <stdio.h>
int
main (int argc, char **argv){
char buf[100];
printf("Please Enter your Name");
fflush(stdout);
gets(buf);
printf("Hello %s \n",buf);
}
void notcalled(void){
//puts("cccc");
}
the Shell code print the hostname(bin/hostname). but when i execute the code its shows me the the path in reverse order but not printing the HOSTNAME.
I am actually doing the buffer over flow .
I am using freebsd intel machine.
this is my code
can you figure out please where is the error
//Prog 1
#include<stdio.h>
main()
{
char shellcode[]= “\x31\xc0\x50\x68\x6e\x61\x6d\x65\x68\x68\x6f\x73\x74\x68\x62
\x69\x6e\x2f\x68\x2f\x2f\x2f\x2f\x89\xe3\x50\x54\x53\xb0\x3b
\x50\xcd\x80”;
int i;
char buf[108];
i=strlen(shellcode);
printf(“%d”,i);
strcpy(buf,shellcode);
for(i=36;i<104:i++)
{
buf[i]='b';
}
buf[104]='\x2c';
buf[105]='\xfa';
buf[106]='\xbf';
buf[107]='\xbf';
printf(“%s”,buf);
return 0;
}
The Above program is injected into below program ...... so it creates the bufferover flow and print the hostname
#include <stdio.h>
int
main (int argc, char **argv){
char buf[100];
printf("Please Enter your Name");
fflush(stdout);
gets(buf);
printf("Hello %s \n",buf);
}
void notcalled(void){
//puts("cccc");
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
int I;并使用i:i++,而不是;i++strncpy()也缺少size_t参数int I;and usingi:i++, instead of a;i++strncpy()is missing thesize_tparam too此示例代码中没有缓冲区溢出。您只是打印 shell 代码,而不是执行它。
由于引号、i vs I 问题、: 而不是 ; 等原因,发布的代码甚至无法编译。和 strncpy 需要 3 个参数(可能有更多错误)。
shell 代码对于 freebsd 可能是正确的,我无法检查。不过,这对于 Linux 来说绝对是不正确的。
There is no buffer overflow in this sample code. You are simply printing the shell code, instead of executing it.
The code as posted doesn't even compile, due to things like quotes, i vs I problem, : instead of ; and strncpy needing 3 arguments (possibly more errors).
The shell code may be correct for freebsd, I can't check that. It definitely isn't correct for linux, though.
显然你仍然没有触发代码执行,尽管现在我看到你的缓冲区溢出了。但请注意,溢出 buf 变量会尝试覆盖 main 的返回地址,因此无论如何它都应该打印文本。此外,编译器可能生成了与您期望的不同的堆栈布局,或者您的堆栈可能不可执行(尽管在这种情况下您应该得到一个段错误)。
使用调试器单步执行代码,从 main 中的“return”语句开始,看看发生了什么。您很快就会到达 RET 指令,该指令会将 shellcode 的起始地址弹出到指令指针中,从而有效地跳转到它。我怀疑由于某种原因这种情况没有发生。
Apparently you are still not triggering code execution, even though now I see where you have your buffer overflow. Note however that overflowing the buf variable is trying to overwrite the return address for main, so it should print the text in any case. Also, the compiler may have generated a different stack layout than what you expect, or maybe your stack is not executable (although you should get a segfault in this case).
Use a debugger to single step through the code, beginning with the "return" statement in main and see what is happening. You will soon reach a RET instruction which should pop the starting address of your shellcode into the instruction pointer, effectively jumping to it. I suspect that is not happening for some reason.