Buffer Overflow problem

From: John Vill (kalookalaa_at_hotmail.com)
Date: 05/05/04

  • Next message: Damien Manuel: "Re: User Passwords and security risks"
    To: security-basics@securityfocus.com
    Date: Wed, 05 May 2004 02:14:42 -0400

    Hello Im new to this is list and I was hoping someone can help me.

    int main(int argv,char **argc) {
            char buf[256];


    is a simple program I found that was written to be overflown. I've tried
    for at least 2-3 hours trying to overflow it right. I was using...
    `perl -e 'print "\x90"x222'``cat ./text3``perl -e 'print
    "\x68\xf9\xff\xbf"'` <-- ESP
    I'm on Fedora Core and a disas main shows "sub $0x108,%esp" making the
    buffer 264.
    text3 is the shellcode.
    I would get an "Illegal Instruction" message.
    In gdb the EIP was overwritten with bffff96a which I think is weird, where
    does the "a" come from? I tried using 66 instead of 68 and the 6 shows up
    but it still doesnt give a shell. Can someone also tell me what exactly
    "Illegal Instruction" means? Am I returning before the buffer or something?

    Any help is appreciated.

    FREE pop-up blocking with the new MSN Toolbar get it now!

    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:

  • Next message: Damien Manuel: "Re: User Passwords and security risks"