
When I download a copy of a vulnerable program and try to exploit it by buffer overflow (calling any internal function as a payload), it works. However, when I make the same type of vulnerable program in C, I am not able to exploit it, and I have no idea what's going wrong. Checking in gdb, I found that I am able to overwrite the return address on the stack, but I still get a segmentation fault and my desired address is not executed.

The vulnerable program:

#include <stdio.h>

/* Deliberately vulnerable: gets() has no length bound, so input longer than
   3 characters runs past a[] into the saved frame pointer and return address.
   gets() was removed from C11; modern compilers warn about it but still link it. */
void input(void)
{
    char a[4];

    gets(a);
    puts(a);
}

int main(void)
{
    input();
    printf("\nthis will execute after returning from the function\n");
    return 0;
}

/* Never called by main(); only reachable by corrupting a return address. */
void over(void)
{
    printf("this can only be executed by the hacker");
}

I want to execute the function over(), and I used the payload:

printf "aaaaaaaa\xb3\x84\x04\x08" | ./my
TildalWave
user38257
  • Your compiler is putting in tricks to try and make buffer overflows harder. http://stackoverflow.com/questions/2340259/how-to-turn-off-gcc-compiler-optimization-to-enable-buffer-overflow – pacifist May 23 '14 at 04:36
  • I have disabled ASLR and also used the switch -mpreferred-stack-boundary=2, and even for the vulnerable program which seems to work I used the same switch – user38257 May 23 '14 at 06:13

2 Answers

1

The main problem with your code is that it isn't vulnerable to a buffer overflow, more than likely due to the compiler (are you using gcc?) replacing gets with fgets.

If you strace the above compiled code (with malicious input) you should see what I mean.

grepNstepN
0

If you've disabled ASLR (and checked that it's really disabled), you may be running into a canary. Disable it using the -fno-stack-protector flag:

gcc my.c -o my -fno-stack-protector
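The following is an added example, not code from the question or either answer. It models the 32-bit frame that input() lays out on the page (a[4], then the saved frame pointer, then the saved return address) as a flat byte array, so every copy stays well-defined, and runs the question's own 12-byte payload through three variants: an unbounded gets()-style copy, the same copy with a canary in the slot before the return address (what -fstack-protector inserts, and why the program aborts in a segfault-like crash instead of reaching over()), and a bounded fgets()-style copy, which is the fix. The canary value, the saved-ebp value, and the original return address are constructed placeholders; real builds use a per-process random canary and may add padding between a[] and the saved registers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Frame model: [ a[4] ][ saved ebp or canary: 4 ][ saved return address: 4 ] */
#define BUF_SIZE 4
#define SLOT 4
#define FRAME_SIZE (BUF_SIZE + SLOT + SLOT)

#define CANARY    0x00aff0deu  /* constructed; glibc picks a random one per process */
#define SAVED_EBP 0xbffff000u  /* constructed placeholder for the caller's frame pointer */
#define ORIG_RET  0x08048500u  /* constructed: where main() would continue after input() */

enum outcome { RET_INTACT, RET_HIJACKED, CANARY_TRIPPED };

typedef size_t (*copy_fn)(unsigned char *frame, const unsigned char *payload, size_t len);

/* gets()-style copy: no bound, every payload byte lands in the frame. */
static size_t unbounded_copy(unsigned char *frame, const unsigned char *payload, size_t len)
{
    memcpy(frame, payload, len);
    return len;
}

/* fgets(a, sizeof a, stdin)-style copy: at most BUF_SIZE-1 bytes plus a NUL. */
static size_t bounded_copy(unsigned char *frame, const unsigned char *payload, size_t len)
{
    size_t n = len < BUF_SIZE - 1 ? len : BUF_SIZE - 1;
    memcpy(frame, payload, n);
    frame[n] = '\0';
    return n;
}

static uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void write_le32(unsigned char *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Build the frame, apply the payload with `copy`, then do what the function
 * epilogue does: with use_canary set, verify the canary before trusting the
 * saved return address (a mismatch is __stack_chk_fail(), which aborts).
 * ret_out, if non-NULL, receives the return address the epilogue would use. */
static enum outcome run_frame(copy_fn copy, int use_canary,
                              const unsigned char *payload, size_t len, uint32_t *ret_out)
{
    unsigned char frame[FRAME_SIZE];
    memset(frame, 0, sizeof frame);
    write_le32(frame + BUF_SIZE, use_canary ? CANARY : SAVED_EBP);
    write_le32(frame + BUF_SIZE + SLOT, ORIG_RET);

    if (len > FRAME_SIZE)
        len = FRAME_SIZE;  /* keep the model itself in bounds */
    copy(frame, payload, len);

    if (use_canary && read_le32(frame + BUF_SIZE) != CANARY)
        return CANARY_TRIPPED;

    uint32_t ret = read_le32(frame + BUF_SIZE + SLOT);
    if (ret_out)
        *ret_out = ret;
    return ret == ORIG_RET ? RET_INTACT : RET_HIJACKED;
}

/* The question's payload: 8 filler bytes, then 0x080484b3 little-endian. */
static const unsigned char PAYLOAD[] = "aaaaaaaa\xb3\x84\x04\x08";
#define PAYLOAD_LEN (sizeof PAYLOAD - 1)

static const char *describe(enum outcome o)
{
    switch (o) {
    case RET_INTACT:     return "return address intact";
    case RET_HIJACKED:   return "return address overwritten";
    default:             return "canary mismatch: abort before return";
    }
}

int main(void)
{
    uint32_t ret = 0;
    enum outcome o;

    o = run_frame(unbounded_copy, 0, PAYLOAD, PAYLOAD_LEN, &ret);
    printf("gets, no protector : %s (ret=0x%08x)\n", describe(o), ret);
    o = run_frame(unbounded_copy, 1, PAYLOAD, PAYLOAD_LEN, &ret);
    printf("gets, -fstack-protector: %s\n", describe(o));
    o = run_frame(bounded_copy, 0, PAYLOAD, PAYLOAD_LEN, &ret);
    printf("fgets, no protector: %s (ret=0x%08x)\n", describe(o), ret);
    return 0;
}
```

The middle case is the one the question describes: the saved return address slot does hold the attacker-chosen value when inspected in gdb, but the epilogue checks the canary first and the process dies before the `ret` instruction ever runs. The last case shows why answer 1's remedy matters regardless of compiler flags: with a bounded read, the payload never reaches the saved registers at all.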