My First BoF
A very old guide I found on one of my HDDs
Creating your first buffer overflow
In a 32-bit Kali installation, open a terminal, type the following command and set the value to 0:
This turns off ASLR (address space layout randomization) on the system. ASLR is a mitigation that makes buffer overflow exploits unreliable by randomizing where buffers land in memory, which is why the tutorial disables it first.
Next, type:
and copy the following vulnerable code into the editor.
This code is written in C. It creates two variables, name and dangerous_system_command, and allocates a memory buffer for each. The next two print statements print out the address of each buffer in memory. The program then asks for your name, reading it with the vulnerable function gets(), which does not check the length of its input against the size of the buffer. If the input fits in the buffer, the program prints "Hello world". Let's do this now.
Type:
to run the program and look at the two memory addresses it prints. You should be able to work out the difference between them, which is the distance from the start of the name buffer to the start of the command buffer.
If we enter a string longer than 32 characters, we get an error message saying that the shell command "r" cannot be found. The letter "r" is the 33rd character of the input: the first 32 bytes filled the name buffer, and the 33rd byte landed at the start of the command buffer, so the program ran "r" instead of its intended command.
So if we know the program has a 32-byte buffer, and that overflowing the name variable by more than 32 bytes lands us in the command variable, why not forge a command at the end of our buffer overflow? To do this we would need a string of 32 bytes with a command appended to it, like so:
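To make the "33rd character" observation concrete from the defender's side, here is an added example (not the tutorial's own program, which is not reproduced on this page). It models the two adjacent buffers as a struct and contrasts a gets()-style unbounded read with a bounded replacement that always terminates the string and reports truncation. The struct layout, the 64-byte command size, the expected command string "echo Hello world" and all function names are assumptions made for this demonstration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32   /* buffer size the tutorial describes */
#define CMD_LEN  64   /* assumed size for the command buffer */

/* Constructed model of the two adjacent buffers: name sits directly before
 * the command buffer, so any byte written past name[31] lands in command[0]. */
struct layout {
    char name[NAME_LEN];
    char command[CMD_LEN];
};

static const char *EXPECTED_CMD = "echo Hello world";   /* assumed command */

/* Reset the model to the state the program is in before reading the name. */
void init_layout(struct layout *l)
{
    memset(l, 0, sizeof *l);
    strcpy(l->command, EXPECTED_CMD);
}

/* Model of gets(): copies the whole input plus its terminating NUL starting
 * at name, with no bound. Done as one memcpy over the enclosing struct so the
 * spill into command is deterministic rather than undefined behaviour. */
void unbounded_read(struct layout *l, const char *input)
{
    size_t n = strlen(input) + 1;
    if (n > sizeof *l)
        n = sizeof *l;   /* keep the model itself inside the struct */
    memcpy((char *)l, input, n);
}

/* Hardened replacement: never writes outside name, always NUL-terminates,
 * and returns 0 when the input had to be truncated so the caller can reject
 * it instead of running whatever is now in the command buffer. */
int bounded_read(struct layout *l, const char *input)
{
    size_t len = strlen(input);
    int fits = len < NAME_LEN;
    size_t n = fits ? len : NAME_LEN - 1;
    memcpy(l->name, input, n);
    l->name[n] = '\0';
    return fits;
}

/* Build the tutorial's 33-character input: 32 filler bytes followed by 'r'. */
static void make_overlong_input(char *buf)
{
    memset(buf, 'A', NAME_LEN);
    buf[NAME_LEN] = 'r';
    buf[NAME_LEN + 1] = '\0';
}

/* Returns 1 if the unbounded read turned the command into "r", which is why
 * the original program reports that the command "r" cannot be found. */
int overflow_clobbers_command(void)
{
    struct layout l;
    char input[NAME_LEN + 2];
    make_overlong_input(input);
    init_layout(&l);
    unbounded_read(&l, input);
    return strcmp(l.command, "r") == 0;
}

/* Returns 1 if the bounded read rejects the same input and leaves the
 * command buffer exactly as it was. */
int bounded_read_preserves_command(void)
{
    struct layout l;
    char input[NAME_LEN + 2];
    make_overlong_input(input);
    init_layout(&l);
    int fits = bounded_read(&l, input);
    return fits == 0
        && strcmp(l.command, EXPECTED_CMD) == 0
        && strlen(l.name) == NAME_LEN - 1;
}

/* Returns 1 if a name that fits is accepted unchanged by the bounded read. */
int short_name_is_accepted(void)
{
    struct layout l;
    init_layout(&l);
    int fits = bounded_read(&l, "Bob");
    return fits == 1
        && strcmp(l.name, "Bob") == 0
        && strcmp(l.command, EXPECTED_CMD) == 0;
}

int main(void)
{
    printf("unbounded read rewrote the command: %d\n", overflow_clobbers_command());
    printf("bounded read kept the command intact: %d\n", bounded_read_preserves_command());
    printf("short name accepted by bounded read: %d\n", short_name_is_accepted());
    return 0;
}
```

The model deliberately copies through the struct rather than past the end of a real array, so it reproduces the tutorial's symptom (the command becoming "r") without relying on undefined behaviour or on a particular allocator layout; in the real program the same spill happens because gets() has no idea how large name is.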