Tuesday, April 14, 2009

Cheaters! Page 32

Well, even after all that, couldn't get myself a root shell. Couple things to note:

attack.c doesn't actually run correctly for me -- I get a segfault on run in the neighborhood of line 34. Since my C skills are atrocious, I just rewrote the thing in ruby to do what I think it's supposed to do. However, even with this work-around, I can't trigger the vulnerability in victim.c beyond a segfault. But apparently, that's okay, neither could the authors, since they admit that they "cheated a little bit, to be honest," on page 32, using a different exploit with a different return address.

On to NOPs!

2 comments:

  1. Hey! I've started reading The Shellcoder's handbook and your blog looks very good.
    However, why did you stop posting? It would've been very helpful if you had continued your posts.

    Additionally, the source for this code is the article here: http://www.groar.org/expl/beginner/lamagra-bof.txt
    I compiled and ran the code from the article and I didn't get any segmentation fault.

  2. I found the error: the code in the book is wrong, missing some lines where a malloc() function is used to assign memory to the variables.

    I published the problem here: http://www.belindofan.com.ar/?module=blog&action=view&id=532&title=the-address-problem-solved

    Greetings.
