Hi, I've been working on something for school where we need to take advantage of a few programs using buffer overflows to gain elevated privileges to some dummy accounts created in a directory. I got the first few working but am stumped on this program. Can anyone provide a few pointers on how exactly to go about doing this?
Code:#include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/stat.h> #include <fcntl.h> #define MAX_ADDR_LEN 128 #define ADDR_LENGTH_OFFSET 4 #define ADDR_OFFSET 8 typedef unsigned char shsize_t; typedef struct{ char addr[MAX_ADDR_LEN]; shsize_t len; } arp_addr; void print_address(char *packet) { arp_addr hwaddr; int i; hwaddr.len = (shsize_t) *(packet + ADDR_LENGTH_OFFSET); memcpy(hwaddr.addr, packet + ADDR_OFFSET, hwaddr.len); printf("Sender hardware address: "); for (i = 0; i < hwaddr.len - 1; i ++) printf("%02hhx::", hwaddr.addr[i]); printf("%02hhx\n", hwaddr.addr[hwaddr.len - 1]); return; } int main(int argc, char *argv[]) { struct stat sbuf; char *packet; int fd; if (argc != 2){ printf("Usage: %s <packet file>\n", argv[0]); return EXIT_FAILURE; } if ((stat(argv[1], &sbuf)) < 0){ printf("Error opening packet fce\n"); return EXIT_FAILURE; } if ((fd = open(argv[1], O_RDONLY)) < 0){ printf("Error opening packet file\n"); return EXIT_FAILURE; } if ((packet = (char *)malloc(sbuf.st_size * sizeof(char))) == NULL){ printf("Error allocating memory\n"); return EXIT_FAILURE; } if (read(fd, packet, sbuf.st_size) < 0){ printf("Error reading packet from file\n"); return EXIT_FAILURE; } close(fd); print_address(packet); free(packet); return EXIT_SUCCESS; }
