Buffer Overflow problem

From: John Vill (kalookalaa_at_hotmail.com)
Date: 05/05/04

    To: security-basics@securityfocus.com
    Date: Wed, 05 May 2004 02:14:42 -0400
    
    

    Hello, I'm new to this list and I was hoping someone can help me.

    #include <string.h>

    int main(int argv,char **argc) {
            char buf[256];

            /* unchecked copy of the first argument (argc is the argument vector here) */
            strcpy(buf,argc[1]);
    }

    is a simple program I found that was written to be overflown. I've tried
    for at least 2-3 hours trying to overflow it right. I was using...
    `perl -e 'print "\x90"x222'``cat ./text3``perl -e 'print
    "\x68\xf9\xff\xbf"'` <-- ESP
    I'm on Fedora Core and a disas main shows "sub $0x108,%esp" making the
    buffer 264.
    text3 is the shellcode.
    I would get an "Illegal Instruction" message.
    In gdb the EIP was overwritten with bffff96a which I think is weird, where
    does the "a" come from? I tried using 66 instead of 68 and the 6 shows up
    but it still doesn't give a shell. Can someone also tell me what exactly
    "Illegal Instruction" means? Am I returning before the buffer or something?

    Any help is appreciated.

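A bounds-checked form of the posted program, as an added example that is not part of the original message. `checked_copy`, `BUF_SIZE` and the status codes are hypothetical names; the helper rejects over-long or missing input instead of truncating it.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256            /* same size as buf in the posted program */

enum copy_status { COPY_OK = 0, COPY_NO_INPUT = -1, COPY_TOO_LONG = -2 };

/* Hypothetical helper: copy src into dst only if it fits, terminator included.
 * On any failure dst is left as an empty string, never partially filled. */
static enum copy_status checked_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len;

    if (dst == NULL || dst_size == 0)
        return COPY_NO_INPUT;
    dst[0] = '\0';
    if (src == NULL)            /* e.g. argv[1] when no argument was passed */
        return COPY_NO_INPUT;

    len = strlen(src);          /* src is a NUL-terminated argv string */
    if (len >= dst_size)        /* no room for len bytes plus the NUL */
        return COPY_TOO_LONG;

    memcpy(dst, src, len + 1);  /* length already validated against dst_size */
    return COPY_OK;
}

int main(int argc, char **argv)
{
    char buf[BUF_SIZE];
    /* The posted program read argv[1] without checking that it exists. */
    const char *arg = (argc > 1) ? argv[1] : NULL;
    enum copy_status st = checked_copy(buf, sizeof buf, arg);

    if (st != COPY_OK) {
        fprintf(stderr, "rejected input (status %d): need one argument under %d bytes\n",
                (int)st, BUF_SIZE);
        return 1;
    }
    printf("copied %zu bytes\n", strlen(buf));
    return 0;
}
```

Building with `-fstack-protector-strong` and `-O2 -D_FORTIFY_SOURCE=2` (GCC with glibc) makes an unchecked `strcpy` like the original abort at run time rather than return through an overwritten address, but the length check is the actual fix.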

