readme

来自「this gives details of the network progra」· 代码 · 共 29 行

Some files that demonstrate buffer overflow and stack smashing.

execls: just shows how to use the exec() system call (it exec's /bin/ls).

ov.c: a function that modifies the return address to point to a string.
      The string actually holds a small version of execls. Once the subroutine
      returns, it execs /bin/ls instead.

vulnerable.c: a program with an overflowable buffer. This program reads from
  standard input and then stuffs whatever it got into a string. If we give 
  it the right string (that is too large for the buffer and happens to
  hold a program and substitute return-address - we can turn the program
  into /bin/ls!

genpgm.c: a program that prints out a string that happens to be what we need
to mess up the vulnerable program (to make it exec /bin/ls). genpgm needs an
offset specified as a command line parameter - it adds this offset to the
fixed number it assumes is the address of the buffer it is overflowing 
(used to replace the return address on the stack). Usage:

genpgm 16 | ./vulnerable

16 seems to work.

Note that genpgm and vulnerable are tuned to a specific OS
(Linux),compiler, libraries, etc. These won't work without
modification on other machines/versions of Linux, etc.