
When I download a copy of a vulnerable program and try to exploit it by buffer overflow (calling any internal function as the payload), it works. But when I made the same type of vulnerable program in C, I am not able to exploit it, and I have no idea what's going wrong. Checking in gdb, I figured out that I am able to overwrite the return address on the stack, but I am still getting a segmentation fault and my desired address is not executed.

The vulnerable program:

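#include <stdio.h>

/* Reads a line with gets() into a 4-byte buffer; gets() does no bounds check. */
void input()
{
    char a[4];

    gets(a);
    puts(a);
}

int main()
{
    input();
    printf("\nthis will execute after returning from the function\n");
}


/* Never called from main(). */
void over()
{
    printf("this can only be executed by the hacker");
}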

I want to execute the function "over", and I used the payload:

printf "aaaaaaaa\xb3\x84\x04\x08" | ./my

Thank you.

Your compiler is putting in tricks to try and make buffer overflows harder. stackoverflow.com/questions/2340259/… –  pacifist May 23 at 4:36
    
I have disabled ASLR and also used the switch -mpreferred-stack-boundary=2, and even for the vulnerable program which seems to work I used the same switch. –  user38257 May 23 at 6:13
1  
While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. –  Xander May 27 at 11:21
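
For contrast with the `input()` function in the question, here is a bounded replacement for the `gets(a)` call, as an added example that is not part of the original post or its comments. The names `read_line_bounded` and `input_hardened` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the question): read one line from `in` into
 * `buf` of `size` bytes without ever writing past the buffer.
 * Returns 0 if the whole line fit, 1 if it was truncated, -1 on EOF/error. */
int read_line_bounded(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* complete line: strip the newline */
        return 0;
    }

    /* No newline stored: the input ended, or the line was longer than the
     * buffer. Discard the rest so it is not mistaken for the next line. */
    int c, truncated = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

/* Same job as input() in the question, with the 4-byte buffer kept on
 * purpose so the effect of the bound is visible. */
int input_hardened(FILE *in)
{
    char a[4];
    int rc = read_line_bounded(in, a, sizeof a);

    if (rc == 1)
        fputs("input longer than buffer, truncated\n", stderr);
    if (rc >= 0)
        puts(a);
    return rc;
}

int main(void)
{
    return input_hardened(stdin) < 0;
}
```

With this version a 12-byte line leaves only its first three bytes plus the terminator in `a`, so nothing beyond the array is written.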