【IT专家】使用缓冲区溢出来执行shell代码

本文由我司收集整编，推荐下载，如有疑问，请与我司联系

使用缓冲区溢出来执行shell 代码

使用缓冲区溢出来执行shell 代码[英]Using buffer overflow to execute shell code

I’ve been learning computer security lately and come across a couple problems, and i’m

having some trouble with this one in particular.

我最近一直在学习计算机安全并遇到一些问题，特别是我遇到了这个问题。

I’m given a function with a fixed buffer I need to overflow in order to execute shellcode in the file shellcode. The function is quite simple:

我给了一个带有固定缓冲区的函数，我需要溢出才能在文件shellcode 中执行shellcode。功能很简单：

void vuln(char *str) { char buf[64]; strcpy(buf, str); //function provided to display stack on command prompt dump_stack((void **) buf, 21, (void **) str); My initial guess was to modify the return address, the eip, of the function in order to locate and execute what is in

the shellcode file, but i realized I have no address to the file I can represent in a hexadecimal value. I am pretty sure I need to manipulate the return address, so currently

what i’m calling is:

我最初的猜测是修改函数的返回地址，eip，以便找到并执行shellcode 文件中的内

容，但我意识到我没有地址到我可以用十六进制值表示的文件。我很确定我需要操

纵返回地址，因此我目前正在调用的是：

//the string is passed as a command line arg./buffer_overflow_shellcode $(python -c “print‘A’*72 + ‘\x41\xd6\xff\xff’“) my output is:

我的输出是：

Stack dump:0xffffd600: 0xffffd7fd (first argument)0xffffd5fc: 0x08048653 (saved eip)0xffffd5f8: 0xffffd641 (saved ebp)0xffffd5f4: 0x414141410xffffd5f0:

0x414141410xffffd5ec: 0x414141410xffffd5e8: 0x414141410xffffd5e4:

0x414141410xffffd5e0: 0x414141410xffffd5dc: 0x414141410xffffd5d8:

0x414141410xffffd5d4: 0x414141410xffffd5d0: 0x414141410xffffd5cc: