I am learning about buffer overflows and am trying to make one. I have this code:
```c
#include <stdio.h>
#include <string.h>   /* strcmp */
#include <unistd.h>   /* setreuid, execve */

char *secret = "password";

void go_shell() {
    char *shell = "/bin/sh";
    char *cmd[] = { "/bin/sh", 0 };
    setreuid(0, 0);   /* setreuid takes two arguments (real uid, effective uid) */
    execve(shell, cmd, 0);
}

int authorize() {
    char password[64];
    printf("Enter Password: ");
    gets(password);   /* deliberately unbounded: this is the overflow under study */
    if (!strcmp(password, secret)) {
        return 1;
    }
    else {
        return 0;
    }
}

int main() {
    if (authorize()) {
        printf("login successful\n");
        go_shell();
    } else {
        printf("Incorrect password\n");
    }
    return 0;
}
```
I compile this with gcc and then run it in gdb.
I enter about 100 “A”s as the password and the program crashes.
The problem is that no register is overwritten to 0x4141414141414141.
I googled this and added the -fno-stack-protector flag to gcc, which allowed RBP to be overwritten to 0x4141414141414141 but nothing else.
I was wondering if there was a way to compile the code so that RIP can be overwritten.
Your code already does what you want if you compile with
-fno-stack-protector. The reason you don’t see RIP with a value of 0x4141414141414141 in GDB is that a general protection fault is thrown before RIP is updated. (If a page fault occurs, the GPF handler usually loads the page from swap and resumes execution by starting with the failed instruction.)
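Added example, not code from the question or the answer: a small C program that makes the answer's point checkable and shows the defensive fix. `is_canonical` applies the x86-64 rule the CPU enforces on `ret` (bits 63..47 must all equal bit 47), so you can see why 0x4141414141414141 raises a general protection fault before RIP changes, and `authorize_line` is the page's `authorize()` with `gets()` replaced by a bounded read that rejects overlong input. All function names here are my own, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A 64-bit x86 virtual address is canonical only when bits 63..47 are all
 * copies of bit 47 (a 48-bit address sign-extended to 64 bits).  `ret`
 * checks this while popping the return address; a non-canonical value
 * raises #GP before RIP is loaded, which is why GDB still shows the old
 * RIP after the overflow rather than 0x4141414141414141. */
int is_canonical(uint64_t addr) {
    uint64_t top = addr >> 47;              /* bits 63..47, 17 bits */
    return top == 0 || top == 0x1FFFF;
}

/* Interpret the 8 bytes that landed in the saved-return-address slot the
 * way the CPU does (little-endian) and report whether `ret` would fault. */
int ret_would_fault(const unsigned char slot[8]) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | slot[i];
    return !is_canonical(v);
}

/* Bounded replacement for gets(): copies one line (up to '\n') from src
 * into dst, never writing more than dst_size bytes, and reports whether
 * the whole line fit.  Returns 1 if it fit, 0 if it was truncated. */
int read_line_bounded(char *dst, size_t dst_size, const char *src) {
    size_t n = strcspn(src, "\n");          /* length of the line itself */
    if (n >= dst_size) {                    /* would not fit with the NUL */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 1;
}

/* The page's authorize() with the unbounded gets() removed: an overlong
 * line is rejected instead of being written past the 64-byte buffer. */
int authorize_line(const char *line, const char *secret) {
    char password[64];
    if (!read_line_bounded(password, sizeof password, line)) return 0;
    return strcmp(password, secret) == 0;
}

int main(void) {
    unsigned char slot[8];
    memset(slot, 'A', sizeof slot);         /* constructed: what 'AAAAAAAA' leaves in the slot */
    printf("0x4141414141414141 canonical? %d\n", is_canonical(0x4141414141414141ULL));
    printf("ret on eight 'A' bytes faults? %d\n", ret_would_fault(slot));
    printf("authorize(\"password\") -> %d\n", authorize_line("password\n", "password"));
    printf("authorize(100 x 'A')   -> %d\n",
           authorize_line("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
                          "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n", "password"));
    return 0;
}
```

The canonical check is the useful diagnostic here: if the bytes you see in the saved-return slot fail it, a `ret` will fault on them regardless of compiler flags, and GDB's RIP will not move. The bounded reader is the mitigation a reviewer would ask for in place of `gets()`.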