C Programming - Self Exploit
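Self Exploit <Code Snippet>. strcpy!!!! Is she the culprit? strcpy copies until it meets a NUL byte and never checks the size of the destination, so the program below can overwrite its own return address.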
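Note: Tested on Red Hat Linux on the i386 platform. The outcome depends on the compiler's stack layout; builds with stack protection or fortified string functions should abort at the overflow rather than reach payload().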
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Function that main() stores the address of in its crafted buffer; defined after exploit(). */
int payload();
/* d == NULL: return a byte offset measured on the stack; otherwise strcpy d into a 400-byte local. */
int exploit(char *d);
/*
 * Builds the oversized string and hands it to exploit().
 *
 * Steps: ask exploit(NULL) for a byte offset, fill that many bytes of a
 * 512-byte buffer with 0xFF, place the address of payload() right after the
 * filler, then pass the buffer to exploit(), whose destination is only 400
 * bytes.
 *
 * Returns 255 only if exploit() returns here normally; payload() ends the
 * process with status 0, so the exit status tells the two outcomes apart.
 *
 * NOTE(review): this is deliberate undefined behaviour for demonstration.
 * Builds with stack protection or fortified string functions are designed
 * to detect the overwrite and abort instead of returning into payload().
 */
int main() {
    int distance;
    char a[512] = {0};
    /* Offset in bytes from exploit()'s buffer to the word that matched its return address. */
    distance = exploit(NULL);
    /* 0xFF is a non-zero filler, so strcpy will not stop inside it.
     * NOTE(review): distance is never checked against sizeof a; a value above
     * 512 - 2 * sizeof(void*) would make main() overrun its own buffer. */
    memset(a, 0xFF, distance);
    /* Stores a function address through a void* lvalue at an arbitrary byte
     * offset: not portable C (function-to-object pointer conversion, possible
     * misalignment); the page reports testing on i386 only. */
    *(void**)(a + distance) = &payload;
    /* Zero word after the address; presumably meant as the string terminator,
     * although the buffer was already zero-initialised. */
    *(void**)(a + distance + sizeof(void*)) = 0;
    exploit(a);
    return 255;
}
/*
 * Deliberately vulnerable function with two modes.
 *
 * d == NULL (measure): reads its own return address with the GCC builtin
 *   __builtin_return_address(0), then walks upward from the start of a one
 *   byte at a time until a pointer-sized word equals that address, and
 *   returns the number of bytes walked.
 *
 * d != NULL (copy): strcpy(a, d) with no length check. a holds 400 bytes,
 *   while main() passes a string built in a 512-byte buffer, so the copy can
 *   run past the end of a and over whatever the compiler placed above it.
 *   Returns 1 if control comes back here.
 *
 * NOTE(review): in real code the copy must be bounded, e.g. reject the input
 * unless strlen(d) < sizeof a, or use snprintf(a, sizeof a, "%s", d) and
 * treat truncation as an error.
 */
int exploit(char *d) {
    char a[400] = {0};
    void *i;
    int distance = 0;
    /* payld and z are never used in this function; they may still affect the
     * frame layout the measurement depends on -- TODO confirm before removing. */
    char payld[sizeof(void*) + 1];
    void *myret;
    void *z;
    if (!d) {
        myret = __builtin_return_address(0);
        /* i++ on a void* is a GNU extension (steps by one byte). The loop has
         * no upper bound and reads beyond the end of a, which is undefined
         * behaviour; it stops only when some word matches myret. */
        for (i = (void*)a; *(void**)i != myret; i++) distance++;
        return distance;
    }
    /* Unbounded copy: stops at the first NUL byte in d, never at sizeof a. */
    strcpy(a,d);
    return 1;
}
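/*
 * Marker function for the demonstration: prints a message and terminates
 * the process with status 0. It never returns to its caller.
 */
int payload(void) {
    printf("Payload executed successfully!\n");
    /* _exit() skips stdio cleanup, so flush explicitly; otherwise the message
     * is lost whenever stdout is fully buffered (pipe or file). */
    fflush(stdout);
    /* _exit() is declared in <unistd.h>. */
    _exit(0);
}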