buffer-overflow

Below is my code, both the vulnerable program (stack.c) and my exploit (exploit.c). This code works on a pre-packaged Ubuntu 9 that the prof sent out for windows users (I had a friend test it on his computer), but on Ubuntu 12 that I run on my iMac, i get segfaults when I try and do this in a normal user. here's stack: //stack.c #include <stdio.h> int bof(char *str) { char buffer[12]; //BO Vulnerability strcpy(buffer,str); return 1; } int main(int argc, char* argv[]) { char str[517]; FILE *badfile; badfile = fopen("badfile","r"); fread(str, sizeof(char),517, badfile); bof(str); printf(

I have a question regarding memory allocation order. In the following code I allocate in a loop 4 strings. But when I print the addresses they don't seem to be allocated one after the other... Am I doing something wrong or is it some sort of defense mechanism implemented by the OS to prevent possible buffer overflows? (I use Windows Vista). Thank you. char **stringArr; int size=4, i; stringArr=(char**)malloc(size*sizeof(char*)); for (i=0; i<size; i++) stringArr[i]=(char*)malloc(10*sizeof(char)); strcpy(stringArr[0], "abcdefgh"); strcpy(stringArr[1], "good-luck"); strcpy(stringArr[2], "mully");

I looked at the basics of buffer overflow vulnerabilities and tried to understand how the stack is working. For that I wanted to write a simple program which changes the address of the return address to some value. Can anybody help me with figuring out the size of the base pointer to get the offset from the first argument? void foo(void) { char ret; char *ptr; ptr = &ret; //add some offset value here *ptr = 0x00; } int main(int argc, char **argv) { foo(); return 1; } The generated assembler code looks as follows: .file "test.c" .text .globl foo .type foo, @function foo: .LFB0: .cfi_startproc

my gcc version is 4.8.2 and operating system is ubuntu 14.04 (64 bit). I found that sometimes gcc auto generate the canary to do buffer overflow protection sometimes not, why? case to generate canary: when SIZE is multiple of four #include<stdio.h> #define SIZE 4 int main() { char s[SIZE]; scanf("%s", s); return 0; } asm after gcc -c -g -Wa,-a,-ad ... 4:a.c **** int main() 5:a.c **** { 13 .loc 1 5 0 14 .cfi_startproc 15 0000 55 pushq %rbp 16 .cfi_def_cfa_offset 16 17 .cfi_offset 6, -16 18 0001 4889E5 movq %rsp, %rbp 19 .cfi_def_cfa_register 6 20 0004 4883EC10 subq $16, %rsp 21 .loc 1 5 0 22

I'm using the code below to try to execute some shellcode stored in an environment variable by overflowing the searchstring variable so that the return address of main contains the address of the anvironment variable. However, I get a segmentation fault before the printf command. #include <stdio.h> #include <string.h> void main(int argc, char *argv[]){ char searchstring[100]; if(argc > 1) strcpy(searchstring, argv[1]); else // otherwise searchstring[0] = 0; printf("Here"); } I compile the code using gcc -m32 -g -o overflow.o overflow.c -fno-stack-protector -z execstack in order to disable the