I'm trying to learn buffer overflows from the book "The art of Exploitation - Jon Erickson". I have attached the code that was given.
The next step after compiling the code was to debug it using gdb. A breakpoint was set up just before the line
if(check_authentication(argv[1]))
and I ran the code with command line argument
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
When the breakpoint was reached, i ran the following in gdb and got the corresponding output:
(gdb) i r rsp
rsp 0x7fffffffdcc0 0x7fffffffdcc0
(gdb) x/32xw $rsp
0x7fffffffdcc0: 0x00000000 0x000000ff 0xffffe1e0 0x00007fff
0x7fffffffdcd0: 0x00000000 0x00000000 0x00000000 0x00000000
0x7fffffffdce0: 0x00000001 0x00000000 0x0040083d 0x00000000
0x7fffffffdcf0: 0x00000000 0x00000000 0x0e56b100 0x0d94ed6d
0x7fffffffdd00: 0xffffdd20 0x00007fff 0x004007b3 0x00000000
0x7fffffffdd10: 0xffffde08 0x00007fff 0x00000000 0x00000002
0x7fffffffdd20: 0x004007f0 0x00000000 0xf7a2d830 0x00007fff
0x7fffffffdd30: 0x00000000 0x00000000 0xffffde08 0x00007fff
Now, I know the following consist of values from main's stackframe, and I figured out that 0x4007b3 is the return value after looking at the dump of main code. I want to know what value from the above points to my command line input.
I'm working on Ubuntu Linux. I tried using x/32b on all the values but I cannot find the 30 A's i gave in input.
The code is below:
int check_authentication(char *password){
char password_buffer[16];
int auth_flag = 0;
printf("auth_flag: %p\n", &auth_flag);
printf("password_buffer: %p\n", password_buffer);
strcpy(password_buffer,password);
if(strcmp(password_buffer, "brillig") == 0) auth_flag = 1;
if(strcmp(password_buffer, "outgrabe") == 0) auth_flag = 1;
return auth_flag;
}
int main(int argc, char *argv[]){
if(argc < 2){
printf("Usage: %s <password>\n", argv[0]);
exit(0);
}
if(check_authentication(argv[1])){
printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
printf(" Access Granted.\n");
printf("-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
}
else{
printf("\nAccess Denied.\n");
}
}
User contributions licensed under CC BY-SA 3.0