Buffer Play

October 16, 2009

Now that I’ve got that netcat tip out of the way, I want to share a quick example of how gcc deals with buffer overflows.

The problem is that gcc does some stack smashing detection to catch buffer overflows at run time. This makes learning about buffer overflows and related exploits more difficult. To turn this off, use the -fno-stack-protector switch as follows:

    $ gcc -fno-stack-protector -o overflow overflow.c

When overflow is run, it won’t trip the stack-smashing detector and will segfault as “expected” when working with buffer overflow tutorials. This was needed when playing with some of the simple overflow examples I’ve found…

    #include <stdio.h>
    #include <string.h>

    int main(void) {
        char str1[10];
        /* Deliberate overflow: the string is far longer than the 10-byte buffer. */
        strcpy(str1, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
        printf("hello\n");
        return 0;
    }
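To see what the stack protector is checking, here is an added example (not code from the original post) that models the frame as a plain struct: the post's 10-byte buffer, then a guard value, then a stand-in for the saved return address. The struct layout, the guard and return-address bytes, and the names `struct frame` and `simulate` are assumptions made for illustration; a real frame is laid out by the compiler.

```c
#include <stdio.h>
#include <string.h>

/* Model of a protected stack frame (assumed layout, for illustration only). */
struct frame {
    char str1[10];                 /* same size as the buffer in the post */
    unsigned char guard[8];        /* value the protector checks before return */
    unsigned char saved_return[8]; /* stand-in for the saved return address */
};

/* Constructed sample values; a real guard is chosen at program start. */
static const unsigned char GUARD[8] = {0x5c, 0x9d, 0x2a, 0x71, 0xe3, 0x06, 0xb8, 0x17};
static const unsigned char RET[8]   = {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80};

enum outcome { RETURNS_NORMALLY, ABORTED_BY_GUARD, RETURN_ADDRESS_CLOBBERED };

enum outcome simulate(const char *input, int protector_on)
{
    struct frame f;
    size_t n = strlen(input) + 1;   /* strcpy() copies the NUL too, unbounded */

    memcpy(f.guard, GUARD, sizeof f.guard);
    memcpy(f.saved_return, RET, sizeof f.saved_return);
    if (n > sizeof f)               /* clamp so the model itself stays in bounds */
        n = sizeof f;
    memcpy(&f, input, n);           /* bytes past str1 spill into the guard */

    /* With the protector on, the guard is compared before the function returns. */
    if (protector_on && memcmp(f.guard, GUARD, sizeof f.guard) != 0)
        return ABORTED_BY_GUARD;            /* "stack smashing detected" */
    if (memcmp(f.saved_return, RET, sizeof f.saved_return) != 0)
        return RETURN_ADDRESS_CLOBBERED;    /* the "expected" segfault */
    return RETURNS_NORMALLY;
}

int main(void)
{
    static const char *names[] = {"returns normally", "aborted by guard",
                                  "return address clobbered"};
    const char *inputs[] = {"hello", "AAAAAAAAAAAA",
                            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"};
    for (int i = 0; i < 3; i++)
        printf("%2zu chars: protector on -> %s, off -> %s\n", strlen(inputs[i]),
               names[simulate(inputs[i], 1)], names[simulate(inputs[i], 0)]);
    return 0;
}
```

In this model the 12-character input is caught only when the protector is on; with it off, the overflow corrupts the bytes after the buffer and the function still returns normally.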

James Hagerman
