Stack Based 0x3

Setting up the Debugger

We need to download PEDA (Python Exploit Development Assistance for GDB). This makes exploiting binaries easy.

 

INSTALLATION:


git clone https://github.com/longld/peda.git ~/peda
echo "source ~/peda/peda.py" >> ~/.gdbinit
echo "DONE! debug your program with gdb and enjoy"

Stack Overflow

Create a file called vuln2.c and copy this source code into it:

CODE:


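#include <string.h>
#include <stdio.h>
#include <stdlib.h>     /* declares system() */

/* Never called from main(); this is the function the exploit redirects to. */
void shell() {
        system("/bin/sh");
}

void vuln(char *arg) {
        char buff[100];
        /* Deliberately vulnerable: strcpy() does no bounds check, so an
           argument longer than 99 bytes writes past the end of buff. */
        strcpy(buff, arg);
}

int main(int argc, char **argv) {
        printf("\n%s\n", argv[1]);
        vuln(argv[1]);
}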
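
For contrast, a bounded counterpart of vuln() that rejects oversized input instead of writing past buff. This is an added example, not part of the original tutorial; the names vuln_safe and BUFF_SIZE and the file name in the build comment are assumptions introduced here.

```c
#include <stdio.h>
#include <string.h>

#define BUFF_SIZE 100   /* same size as buff[] in vuln2.c */

/* Hypothetical hardened version of vuln().
 * Returns the number of bytes copied (excluding the NUL) on success,
 * or -1 if arg is NULL or does not fit in the local buffer.
 * Suggested build (file name is a placeholder):
 *   gcc -O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2 vuln2_safe.c -o vuln2_safe
 */
int vuln_safe(const char *arg) {
    char buff[BUFF_SIZE];
    const char *nul;
    size_t len;

    if (arg == NULL)
        return -1;
    /* Look for the terminator within the first BUFF_SIZE bytes only.
     * memchr stops at the first match, so short strings are not over-read,
     * and a huge argument is rejected without scanning all of it. */
    nul = memchr(arg, '\0', sizeof(buff));
    if (nul == NULL)
        return -1;              /* too long: refuse rather than truncate */
    len = (size_t)(nul - arg);
    memcpy(buff, arg, len + 1); /* length is proven to fit, NUL included */
    return (int)len;
}

int main(int argc, char **argv) {
    if (argc < 2) {             /* the original dereferences argv[1] unchecked */
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 2;
    }
    if (vuln_safe(argv[1]) < 0) {
        fprintf(stderr, "input rejected: longer than %d bytes\n", BUFF_SIZE - 1);
        return 1;
    }
    printf("\n%s\n", argv[1]);
    return 0;
}
```

With this check in place, an argument of 100 bytes or more is refused before any copy happens, so the saved return address is never reachable from the input.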

Make sure to disable ASLR (run as root):

echo 0 > /proc/sys/kernel/randomize_va_space

COMPILE:

gcc -z execstack vuln2.c -o vuln2

EXPLOIT:

Okay, so in this one we have a function called shell() in the code which is not called anywhere. We want to control EIP: disassemble the shell function, get the memory address at the start of shell(), and craft our exploit so that shell() gets called.