My First Program on Buffer Overflow

Posted: April 23, 2012 in Hacking

It is amazing that after so many years of Linux being actively developed, the buffer overflow exploit remained one of the top security vulnerabilities in 2011. The buffer overflow was first detailed in Smashing The Stack For Fun and Profit by Aleph One. Nevertheless, here is my first successful attempt at creating a buffer overflow in my own code.

The code is a simple one, yet it forms the basis of a stack-based buffer overflow. Mysteriously, the program below prints a result of zero: the instruction 'x = 1' is skipped, because function() overwrites its own saved return address on the stack and execution resumes in main() past that instruction.

#include <stdio.h>

/* Assumes the layout this post was written against: 32-bit x86, gcc with
 * no optimisation and no stack protector. There the saved return address
 * of function() sits one int below its first argument a. */
void function(int a, int b, int c) {
    int *ret;
    ret = (int*) &a - 1;   /* points at the saved return address of function() */
    (*ret) += 8;           /* move the return address 8 bytes forward, past "x = 1" */
}

int main(void) {
    int x;
    x = 0;
    function(1,2,3);
    x = 1;                 /* skipped: the patched return address lands after it */
    printf("%d\n",x);      /* prints 0 */
    return 0;
}
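The program above reaches the saved return address by hand; the classic stack-based overflow the post alludes to gets there through an unchecked string copy into a local array. The following is an added example, not code from the original post: the vulnerable copy beside a bounds-checked version (function names, buffer size and inputs are constructed for illustration).

```c
/* Added example: unchecked strcpy() into a stack buffer next to a
 * bounds-checked copy. Names and sizes are hypothetical. */
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16

/* Vulnerable: strcpy() copies until the NUL byte, so input longer than
 * NAME_MAX - 1 characters writes past name[] into whatever the compiler
 * placed above it on the stack (saved registers, the return address).
 * This is the same kind of write the post's function() performs by hand. */
void greet_unsafe(const char *input) {
    char name[NAME_MAX];
    strcpy(name, input);    /* no length check: overflows on long input */
    printf("hello %s\n", name);
}

/* Hardened: reject input that does not fit (including its terminating NUL)
 * and copy with an explicit bound. Returns 0 on success, -1 on rejection;
 * on rejection the destination is left untouched. */
int greet_safe(const char *input, char *out, size_t out_len) {
    size_t n = strlen(input);
    if (out_len == 0 || n >= out_len)
        return -1;
    memcpy(out, input, n + 1);  /* bounded copy, NUL byte included */
    return 0;
}

int main(void) {
    char buf[NAME_MAX];
    const char *ok = "alice";                                  /* constructed input, fits */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed, 32 bytes */

    greet_unsafe(ok);   /* fine only because this input fits; never call it on untrusted data */
    printf("safe(ok)       = %d\n", greet_safe(ok, buf, sizeof buf));       /* 0 */
    printf("safe(too_long) = %d\n", greet_safe(too_long, buf, sizeof buf)); /* -1 */
    printf("buf still holds: %s\n", buf);                                   /* alice */
    return 0;
}
```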