sudo apt install build-essential gdb
nano hello.c
The nano editor opens. Type in the program shown below.
#include <stdio.h>

void buf(void);   /* prototype, because buf is defined after main */

int main(void)
{
    buf();
    return 0;
}

/* Deliberately vulnerable: scanf("%s") imposes no length limit, so a name
 * longer than 9 characters overruns the 10-byte stack buffer. */
void buf(void)
{
    char name[10];
    printf("What is your name? ");
    scanf("%s", name);
    printf("Hi, %s\n\n", name);
}
Save your file with Ctrl+X, Y, Enter.
gcc hello.c -o hello
./hello
These commands compile the hello.c program, creating an executable machine-language file named hello, and then run the hello executable.
It should ask you for your name. When you type in your name (no longer than 10 characters), you should be greeted by name, as shown below.
./hello
When you see the "What is your name?" prompt, type in this name,
which consists of forty "A" characters,
followed by the Enter key:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
You see a "Segmentation fault" error, as shown below.
In a Terminal window, execute this command, which loads the "hello" program into the "gdb" debugger:
gdb -q hello
At the (gdb) prompt, enter this command:
run
When you see the "What is your name?" prompt, type in this name,
which consists of forty "A" characters,
followed by the Enter key:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
You see a "Segmentation fault" error, as shown below, followed by the value of the instruction pointer at the point of the fault. On 32-bit systems this is the hexadecimal value 0x41414141, the ASCII encoding of "AAAA".
info registers
The values stored in the registers appear, as shown in the image above. The eip register contains 0x41414141, which indicates that a portion of the name you entered overwrote the saved return address on the stack and was loaded into eip when buf returned. An attacker who controls that value can redirect execution and gain control of the machine.
Troubleshooting
If you see longer register values with names like rax and rip, you are using a 64-bit machine. Enter the value of rbp into the form below.
Use the form below to record your success.
#include <stdio.h>

void buf(void);   /* prototype, because buf is defined after main */

int main(void)
{
    buf();
    return 0;
}

/* Deliberately vulnerable: the buffer is only 3 bytes, so any name of
 * 3 or more characters (plus the terminating NUL) overruns it. */
void buf(void)
{
    char name[3];
    printf("What is your name? ");
    scanf("%s", name);
    printf("Yo, %s\n\n", name);
}
Save the file and compile it, as you did for the hello.c program.
Run the program with a short name. The program runs properly, as shown below.
Try longer names until the program crashes, as shown below. This process is called "fuzzing", and it is an essential part of vulnerability discovery.
Use the form below to record your success.
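The hardened counterpart of the two programs above, added here as an example that is not part of the original exercise: read_name replaces the unbounded scanf("%s") with a length-limited read that always NUL-terminates, drains any excess input instead of letting it spill onto the stack, and reports that truncation happened. demo_overlong_name feeds it the same forty-"A" name used in the exercise through a constructed in-memory stream (fmemopen, POSIX) so the check can be run without typing.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 10   /* same buffer size as hello.c */

/* Bounded replacement for scanf("%s", buf): reads at most bufsz-1 characters,
 * always NUL-terminates, and discards the rest of an overlong line so no
 * byte is ever written past the buffer. Returns 0 if the whole line fit,
 * 1 if the line was truncated (an overlong, possibly hostile name),
 * -1 on EOF or error. Unlike scanf("%s"), spaces are kept. */
int read_name(FILE *in, char *buf, size_t bufsz)
{
    if (bufsz == 0 || fgets(buf, (int)bufsz, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;                      /* newline seen: whole line fit */
    }
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return 0;                      /* line fit exactly, nothing lost */
    while (c != EOF && c != '\n')      /* drain the overflow bytes */
        c = fgetc(in);
    return 1;
}

/* Self-check with the forty-"A" name from the exercise (constructed input).
 * Returns 0 when the buffer stays in bounds and truncation is reported. */
int demo_overlong_name(void)
{
    char input[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nnext\n";
    FILE *in = fmemopen(input, sizeof input - 1, "r");
    if (in == NULL) return -1;
    char name[NAME_LEN];
    int truncated = read_name(in, name, sizeof name);
    fclose(in);
    if (truncated != 1) return -2;               /* overflow not detected */
    if (strlen(name) != NAME_LEN - 1) return -3; /* expect 9 A's plus NUL */
    return 0;
}

int main(void)
{
    char name[NAME_LEN];
    printf("What is your name? ");
    int r = read_name(stdin, name, sizeof name);
    if (r < 0) return 1;
    printf("Hi, %s%s\n\n", name, r ? " (name was truncated)" : "");
    return 0;
}
```

Compiled and run like hello.c, the forty-"A" input now produces a greeting for "AAAAAAAAA" and a truncation notice instead of a segmentation fault.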