diff options
| author | toni <matzeton@googlemail.com> | 2014-01-15 17:26:00 +0100 |
|---|---|---|
| committer | toni <matzeton@googlemail.com> | 2014-01-15 17:26:00 +0100 |
| commit | a0c08ee7c9de75e7674eee76df532c5da7adc03a (patch) | |
| tree | 176dddb38d42f4a2fa3af57fe359eccfc7cc985b /overflow.c | |
| parent | 426b0d1883a4c83ba862ec7b3ffed7154a63d494 (diff) | |
simple strcpy() exploit works
Diffstat (limited to 'overflow.c')
| -rw-r--r-- | overflow.c | 27 |
1 files changed, 8 insertions, 19 deletions
@@ -9,39 +9,28 @@ #include <stdio.h> #include <string.h> -#define ENV_VAR "EXPLOIT" -#define BUFLEN 10 - +/* 300 bytes buffer len + 4 bytes for overwrite return opcode */ +#define BUFLEN 300 void overflow(const char *src, char *dst) { /* exploitable function */ strcpy(dst, src); + /* nothing to do, just return */ } int main(int argc, char **argv) { - char *s, *env; char buf[BUFLEN]; - fprintf(stderr, "buflen: %d\nenv_var: %s\nargs: %d\n\n", BUFLEN, ENV_VAR, (argc - 1)); - if (argc > 1) - { + if (argc > 1) { overflow(argv[1], buf); - } - else if ((env = getenv(ENV_VAR))) - { - overflow(env, buf); - } - else - { - fprintf(stderr, "neither "ENV_VAR" set or arg0 given, abort!\n"); - return(1); - } - - printf("buf: %s\n*buf: %p\nbuflen: %d\n", s, s, strlen(s)); + } else { + fprintf(stderr, "arg1 missing\n"); + return(1); + } return (0); } |