Next you can check that eip was corrupted with A's: yes, eip is full of A's and the program
was doomed to crash. Remember, when the function (in this case, main) attempts to
return, the saved eip value is popped off of the stack and executed next. Since the address
0x41414141 (four bytes of 'A') is outside your process's mapped segments, you got a segmentation fault.
CAUTION Fedora and other recent builds use Address Space Layout
Randomization (ASLR) to randomize the location of the stack in memory, so you will get mixed
results for the rest of this chapter. If you wish to use one of these builds,
disable ASLR as follows:
#echo "0" > /proc/sys/kernel/randomize_va_space
#echo "0" > /proc/sys/kernel/exec-shield
#echo "0" > /proc/sys/kernel/exec-shield-randomize
Overflow of meet.c
From Chapter 6, we have meet.c:
//meet.c
#include <stdio.h>  // needed for screen printing
#include <string.h> // needed for strcpy
void greeting(char *temp1, char *temp2){ // greeting function to say hello
    char name[400]; // string variable to hold the name
    strcpy(name, temp2); // copy the function argument to name (unbounded: the overflow)
    printf("Hello %s %s\n", temp1, name); //print out the greeting
}
int main(int argc, char *argv[]){ //note the format for arguments
    greeting(argv[1], argv[2]); //call function, pass title & name
    printf("Bye %s %s\n", argv[1], argv[2]); //say "bye"
    return 0;
} //exit program
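As an added illustration (not from the book), the same 400-byte name buffer with a bounded copy beside a check for the unbounded one. The names would_overflow, greeting_safe, fill_a, a_run_overflows and a_run_dropped are assumed for this example; the 'A' run is a constructed input standing in for the argv[2] used above.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 400   /* same size as char name[400] in meet.c */
#define MAX_ARG  1000  /* cap for the constructed test argument */

/* 1 when strcpy(name, arg) would write past name[NAME_LEN] (length + NUL > NAME_LEN). */
int would_overflow(const char *arg) {
    return strlen(arg) + 1 > NAME_LEN;
}

/* Hardened replacement for greeting(): snprintf() writes at most sizeof name bytes
 * and always NUL-terminates, so an oversized temp2 is truncated instead of running
 * into the saved return address. Returns how many bytes of temp2 were dropped. */
size_t greeting_safe(const char *temp1, const char *temp2, char *out, size_t outlen) {
    char name[NAME_LEN];
    int n = snprintf(name, sizeof name, "%s", temp2);   /* n = would-be length */
    size_t dropped = 0;
    if (n > 0 && (size_t)n > sizeof name - 1)
        dropped = (size_t)n - (sizeof name - 1);
    snprintf(out, outlen, "Hello %s %s\n", temp1, name);
    return dropped;
}

/* Constructed sample: a run of `len` 'A' (0x41), the pattern that left eip at 0x41414141. */
static void fill_a(char *buf, size_t len) {
    memset(buf, 'A', len = len > MAX_ARG ? MAX_ARG : len);
    buf[len] = '\0';
}

/* 1 if a run of `len` A's overflows name[400] under the original strcpy(). */
int a_run_overflows(size_t len) {
    char arg[MAX_ARG + 1];
    fill_a(arg, len);
    return would_overflow(arg);
}

/* Bytes the hardened greeting drops for a run of `len` A's (0 when it fits). */
size_t a_run_dropped(size_t len) {
    char arg[MAX_ARG + 1], line[MAX_ARG + 32];
    fill_a(arg, len);
    return greeting_safe("Mr", arg, line, sizeof line);
}

int main(void) {
    printf("600 A's overflow name[400] via strcpy: %d; hardened greeting drops %zu bytes\n",
           a_run_overflows(600), a_run_dropped(600));
    return 0;
}
```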
Gray Hat Hacking: The Ethical Hacker's Handbook (pp. 150-151)
Part III, Chapter 7: Basic Linux Exploits
To overflow the 400-byte buffer in meet.