
Starting a new shell in a strcpy exploit using buffer overflow

Çağlar Arlı


I'm learning about buffer overflows and have this vulnerable code which I'm trying to start a shell from:

#include <string.h>

void myfunction(char *arg);

int main(int argc, char **argv)
{
    /* argv[1] is passed straight through with no length check */
    myfunction(argv[1]);
    return 0;
}

void myfunction(char *arg)
{
    char stuff[8];
    /* unbounded copy: any argument longer than 7 bytes overruns stuff[] */
    strcpy(stuff, arg);
}

I used gdb to see the assembly code and I got the following info:

(gdb) disassemble main
Dump of assembler code for function main:
   0x08048434 <+0>:   push   %ebp
   0x08048435 <+1>:   mov    %esp,%ebp
   0x08048437 <+3>:   and    $0xfffffff0,%esp
   0x0804843a <+6>:   sub    $0x10,%esp
   0x0804843d <+9>:   mov    0xc(%ebp),%eax
   0x08048440 <+12>:  add    $0x4,%eax
   0x08048443 <+15>:  mov    (%eax),%eax
   0x08048445 <+17>:  mov    %eax,(%esp)
   0x08048448 <+20>:  call   0x8048454 <myfunction>
   0x0804844d <+25>:  mov    $0x0,%eax
   0x08048452 <+30>:  leave
   0x08048453 <+31>:  ret
End of assembler dump.

I'm unsure where to go from here. Any advice and walkthroughs would be very helpful.
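For contrast with the vulnerable program above, here is an added example of the same function written with a bounds check (this is my own illustration, not code from the question or from any answer to it). The names copy_bounded and myfunction_checked are assumed, the buffer size is kept at 8 to match stuff[8], and the function reports failure instead of writing past the end of the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Same buffer size as stuff[8] in the question. */
#define STUFF_SIZE 8

/* Hardened replacement for the strcpy() call: copy src into dst only if it
 * fits, terminating NUL included. Returns 0 on success and -1 when the
 * input would overflow, in which case dst is left as an empty string.
 * (Hypothetical helper written for this example.) */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t i;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    /* Scan at most dst_size bytes of src looking for the terminator, so an
     * oversized argument is rejected without reading past dst_size bytes. */
    for (i = 0; i < dst_size; i++) {
        if (src[i] == '\0')
            break;
    }
    if (i == dst_size) {        /* no NUL within dst_size bytes: too long */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, i + 1);    /* i + 1 <= dst_size, so this cannot overrun */
    return 0;
}

/* Checked version of myfunction(): returns 0 if the argument was copied
 * into the local buffer, -1 if it was rejected as too long or missing. */
int myfunction_checked(const char *arg)
{
    char stuff[STUFF_SIZE];

    if (copy_bounded(stuff, sizeof stuff, arg) != 0) {
        fprintf(stderr, "argument rejected: longer than %zu bytes\n",
                sizeof stuff - 1);
        return -1;
    }
    printf("copied: %s\n", stuff);
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }
    return myfunction_checked(argv[1]) == 0 ? 0 : 1;
}
```

Running it with an argument of seven bytes or fewer succeeds; anything longer is refused before any copy happens, which is the property the original strcpy() version lacks. Independently of the source fix, building with a stack protector (for example gcc's -fstack-protector) makes an overrun of a local buffer like stuff[] abort the process at function return rather than silently corrupting the saved frame.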