Debian/Ubuntu latest with updates...

(gdb) shell cat bof.c
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    if(argc < 2) return 0;
    char buf[128];
    strcpy(buf, argv[1]);
    return 0;
}

(gdb) r `perl -e 'print "BABA" x 74'`
Starting program: /home/rife/bof `perl -e 'print "BABA" x 74'`

Program received signal SIGSEGV, Segmentation fault.
0xb7e355eb in strlen () from /lib/tls/i686/cmov/libc.so.6
(gdb) info r
eax            0x41424142    1094861122
ecx            0x2           2
edx            0xbfc557b8    -1077585992
ebx            0xb7f1cff4    -1208889356
esp            0xbfc5520c    0xbfc5520c
ebp            0xbfc557a4    0xbfc557a4
esi            0x41424142    1094861122
edi            0xb7f008b2    -1209005902
eip            0xb7e355eb    0xb7e355eb <strlen+11>
eflags         0x210202      [ IF RF ID ]
cs             0x73          115
ss             0x7b          123
ds             0x7b          123
es             0x7b          123
fs             0x0           0
gs             0x33          51
(gdb)

This is as far as I've gone. Is there some way to point EAX or, better than that, ESI to our payload and execute code? Is there a way in any situation, if we overwrite ESI, to make it execute code? Surely to God someone on this list knows something...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
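The defect behind the register dump above is the unbounded strcpy into a 128-byte stack buffer: the 296-byte "BABA" x 74 argument runs past buf and over the saved registers, which is why 0x41424142 shows up in EAX and ESI. The following is an added example, not the poster's code, showing the same program rewritten with a bounded copy that rejects oversized input instead of writing past the buffer. The helper names (safe_copy, handle_arg, build_pattern) and the 512-byte scratch size in the test are assumptions chosen for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
#include <stddef.h>

#define BUF_SIZE 128   /* same buffer size as the posted bof.c */

/*
 * Bounded copy: copies src into dst only if it fits, NUL included.
 * Returns false (and leaves dst untouched) when it would overflow,
 * rather than silently truncating the way strncpy would.
 */
bool safe_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size)
        return false;               /* would not fit: reject the input */
    memcpy(dst, src, len + 1);      /* len + 1 copies the terminating NUL */
    return true;
}

/*
 * Hardened equivalent of the posted main(): same 128-byte stack buffer,
 * but the copy is length-checked. Returns 0 on success, 1 on oversized input.
 */
int handle_arg(const char *arg)
{
    char buf[BUF_SIZE];
    if (!safe_copy(buf, sizeof buf, arg)) {
        fprintf(stderr, "argument too long (%zu bytes, max %zu)\n",
                strlen(arg), sizeof buf - 1);
        return 1;
    }
    /* buf is now a valid, NUL-terminated string of at most 127 characters */
    return 0;
}

/*
 * Constructs a test input like the post's `perl -e 'print "BABA" x 74'`
 * (hypothetical helper for the example). Returns the resulting length.
 */
size_t build_pattern(char *out, size_t out_size, const char *pat, size_t times)
{
    size_t plen = strlen(pat), n = 0;
    for (size_t i = 0; i < times && n + plen < out_size; i++) {
        memcpy(out + n, pat, plen);
        n += plen;
    }
    out[n] = '\0';
    return n;
}

int main(int argc, char *argv[])
{
    if (argc < 2) return 0;
    return handle_arg(argv[1]);
}
```

Run with the same 296-byte argument the post used and the program reports the length and exits cleanly instead of faulting in strlen. Compiling the original bof.c with -fstack-protector-strong and -D_FORTIFY_SOURCE=2 -O2 is the complementary mitigation: the canary aborts the process when the saved frame is clobbered, and the fortified strcpy traps when the destination size is known at compile time, so the crash surfaces as a deliberate abort rather than a corrupted register set.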