While practicing buffer overflow exploits, I ran into a problem:

    #include <stdio.h>
    #include <unistd.h>

    int vuln() {
        char buf[80];
        int r;
        r = read(0, buf, 400);   /* reads up to 400 bytes into an 80-byte buffer: the intended overflow */
        printf("\nRead %d bytes. buf is %s\n", r, buf);
        puts("No shell for you :(");
        return 0;
    }

    int main(int argc, char *argv[]) {
        printf("Try to exec /bin/sh");
        vuln();
        return 0;
    }
I overflowed the buffer, starting with a NOP sled, then the shellcode to execute, then an address within the NOP sled.
RIP is pointing to an address within the NOP sled, so after the ‘si’ command a NOP should execute, but instead a segfault occurs.
I have compiled using the -z execstack and -fno-stack-protector flags in gcc.
In another simpler program, I’ve tried using gdb to manually set RIP to the address of the shellcode and executing it from there but even that didn’t work.
The RIP is pointing to the shellcode, and this can even be verified with ‘disass’, but I still get the segfault.
These are the compile options I have tried:
gcc shellcode_test.c -o shellcode_test -g -fno-stack-protector -z execstack
gcc shellcode_test.c -o shellcode_test -g -fno-stack-protector -Wl,-z,execstack -U_FORTIFY_SOURCE
It still didn’t work with ASLR disabled.
Any help would be appreciated, thank you!
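One thing worth ruling out in a situation like this is whether the binary really got an executable stack. The checker below is added here and is not part of the question or the asker's code: it parses an ELF64 file's program headers itself and reports what the PT_GNU_STACK entry (the header that -z execstack is supposed to mark executable) asks the loader for. It assumes a little-endian ELF64 binary such as the ones the gcc commands above produce; the constants and field offsets are the standard Elf64_Ehdr/Elf64_Phdr ones.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PT_GNU_STACK 0x6474e551u   /* p_type of the stack-permission header (value from elf.h) */
#define PF_X 0x1u                  /* p_flags bit: segment may be executed */
/* Read an n-byte little-endian integer at p. */
static uint64_t le(const unsigned char *p, int n) {
    uint64_t v = 0;
    for (int i = n - 1; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}
/* Report what the PT_GNU_STACK program header of an in-memory ELF64 image asks for.
   1 = executable stack (what -z execstack should produce), 0 = non-executable stack,
   2 = no PT_GNU_STACK header, -1 = not a little-endian ELF64 image this parser accepts.
   Offsets: e_phoff @32, e_phentsize @54, e_phnum @56; p_type @0, p_flags @4 per 56-byte phdr. */
int gnu_stack_flag(const unsigned char *img, size_t len) {
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0 || img[4] != 2 || img[5] != 1)
        return -1;                                   /* magic, ELFCLASS64, ELFDATA2LSB */
    uint64_t phoff = le(img + 32, 8), phentsize = le(img + 54, 2), phnum = le(img + 56, 2);
    if (phentsize != 56 || phoff > len) return -1;
    for (uint64_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + i * phentsize;
        if (off + phentsize > len) return -1;        /* header table runs past the image */
        if (le(img + off, 4) == PT_GNU_STACK)
            return (le(img + off + 4, 4) & PF_X) ? 1 : 0;
    }
    return 2;
}
/* Constructed ELF64 image (not a real binary): a 64-byte header plus one PT_GNU_STACK entry
   carrying the given p_flags; returns what gnu_stack_flag reports. Exercises the parser only. */
int flag_of_constructed(uint32_t stack_flags) {
    unsigned char img[64 + 56] = { 0x7f, 'E', 'L', 'F', 2, 1 };
    img[32] = 64; img[54] = 56; img[56] = 1;         /* e_phoff, e_phentsize, e_phnum (LE) */
    for (int i = 0; i < 4; i++) {                    /* p_type and p_flags, little-endian */
        img[64 + i] = (PT_GNU_STACK >> (8 * i)) & 0xff;
        img[68 + i] = (stack_flags >> (8 * i)) & 0xff;
    }
    return gnu_stack_flag(img, sizeof img);
}
int main(int argc, char *argv[]) {
    static unsigned char buf[65536];                 /* program headers sit near the file start */
    static const char *desc[] = { "non-executable stack", "executable stack", "no PT_GNU_STACK header (loader default applies)" };
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (!f) { fprintf(stderr, "usage: %s <elf64-binary>\n", argv[0]); return 2; }
    int r = gnu_stack_flag(buf, fread(buf, 1, sizeof buf, f));
    fclose(f);
    if (r < 0) { puts("not a parseable little-endian ELF64 file"); return 1; }
    printf("PT_GNU_STACK: %s\n", desc[r]);
    return 0;
}
```

Run it against shellcode_test: if it does not report an executable stack, the linker flag never took effect and the segfault is NX doing its job rather than a problem with the payload layout.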