Re: Abo3 (can someone help me?)

Hi,

First of all you should read this: http://www.enderunix.org/docs/eng/bof-eng.txt

On Sat, May 24, 2003 at 09:11:20PM -0700, Discussion Lists wrote:
> The issue here is that there is an exit(1) at the end of the code. So

Yep. However return address is not the only memory area you might be interested in overflowing. Function pointers, at_exit addresses etc. might be quite useful to change the execution flow of the vulnerable program. In this example, you're expected to overflow a function pointer fn.

> is that we have to stick our shellcode in an environment variable, then

Place your shellcode in an environment variable, so that you know exactly where it is. You're not overwriting env variable, you are overwriting buf and reach fn.

> strlen("/home/user/gera/abo3");

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

If I say, you know the address of env variable, meaning that the address of our shellcode, you should've asked how? This part is the answer to that. Here you are calculating the address of the last environment variable. Again: read bof-eng.txt .

• Murat