hacking-workshop/bof3.c at master · FoothillCSClub/hacking-workshop · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
/*
 * bof3.c
 * This is a simple program that can be used to demonstrate the classic form
 * of a buffer overflow exploit.
 *
 * suggested compiler options:
 * $ <c compiler> -m32 -o bof3 -Wall -z execstack -fno-stack-protector bof3.c
 * When you run it, make sure that you've turned off address space layout
 * randomization, so that the program section will be loaded in predictable
 * places.
 * On linux, run it with:
 * $ setarch $(arch) --addr-no-randomize
 * On Windows, you should pass /DYNAMICBASE[:NO] to the linker, or in Visual
 * Studio, go to: Configuration Properties -> Linker -> Advanced
 * -> "Randomized Base Address", and turn it off.
 * On Macs, run this command before running the executable:
 * $ export DYLD_NO_PYE=1
 */

#include <stdio.h>

int main(void) {
	char word[20];

	printf("Gimmie a word! : ");
	fflush(stdout);

	// bof, as usual
	gets(word);

	printf("you said: %s\n", word);

	return 0;
}