0

I am trying to run this piece of vulnerable C code:

#include <stdio.h>
#include <stdlib.h>

int add(int x, int y)
{
 int z =10;
 z = x + y;
 return z;
}

main(int argc, char **argv)
{
 int a = atoi(argv[1]);
 int b = atoi(argv[2]);
 int c;

 char buffer[100];

 gets(buffer);
 puts(buffer);

 c = add(a,b);

 printf("Sum of %d+%d = %d\n",a, b, c);

 exit(0);
}

I am trying to get past the segmentation fault so that I can input the integers but the segmentation fault prevents that. In the terminal I have tried: gcc -ggdb -fno-stack-protector -U_FORTIFY_SOURCE -Wa,--execstack -o SimpleDemo SimpleDemo.c

I still get a segmentation fault. I am lost as to what to try next. As you can probably tell, I am an ubuntu newb. The bash code I am using comes from here:

http://www.evanjones.ca/buffer-overflow-101.html

I have been at this for while so would really appreciate some help

Cheers

Improve this question
1
  • 6
    You need to provide the integers as command-line arguments, not run the program and then enter them. If you don't, the atoi(argv[1]) call will seg fault (probably). Commented Jun 26, 2012 at 15:58

1 Answer 1

Reset to default
1

Just explaining what hmjd is asking you to do.

Run (binary) 10 20

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks guys. Just to clarify, when I run the program with - ./SimpleDemo, I put 10 and 20 on that line? How would the bash code to run this look?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.