path: root/vuln.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/*
 * Training "win" target: prints two status lines and then spawns an
 * interactive /bin/sh via system().
 *
 * Nothing in this file calls it, so it can only run if the program's
 * control flow is redirected here. Reaching it shows that a saved return
 * address was overwritten. In a hardened build, stack canaries, PIE/ASLR
 * and control-flow integrity are the mitigations meant to prevent this.
 */
void unused_function() {
	static const char banner[] = "you did it! ROP achieved, we never call this function\n";
	static const char notice[] = "calling /bin/sh...\n";

	fputs(banner, stdout);
	fputs(notice, stdout);
	// The shell inherits the privileges of this process.
	system("/bin/sh");
}

/*
 * Deliberately vulnerable: copies `input` into a 32-byte stack buffer with
 * no length check, then echoes the buffer back.
 *
 * input: NUL-terminated string; main() passes argv[1], which is controlled
 *        by whoever launches the program.
 *
 * strcpy() stops only at the source's NUL terminator, so any input longer
 * than 31 characters writes past the end of `buffer` (a stack-based buffer
 * overflow, CWE-121) and the behaviour is undefined from that point on.
 * This is the intended flaw of the exercise. Outside a lab, the copy would
 * be bounded, e.g. snprintf(buffer, sizeof buffer, "%s", input), and the
 * binary built with stack protection and _FORTIFY_SOURCE.
 */
void vuln(char* input) {
	char buffer[32];
	// Unbounded copy, kept on purpose: the destination size (32) is never
	// compared with strlen(input), which is what makes this a ROP practice target.
	strcpy(buffer, input);
	// Fixed format string, so there is no format-string issue here. The
	// only defect is the overflow above.
	printf("Your argument was: %s\n", buffer);
}

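/*
 * Entry point: expects exactly one command-line argument and hands it to
 * vuln().
 *
 * Returns 1 after printing a usage line when the argument count is wrong,
 * 0 otherwise.
 */
int main(int argc, char** argv) {
	if (argc != 2) {
		// A caller may exec the program with an empty argv, leaving argv[0]
		// NULL. Passing NULL to %s is undefined, so fall back to a fixed name.
		const char* prog = (argc > 0 && argv[0] != NULL) ? argv[0] : "vuln";
		printf("Usage: %s <string>\n", prog);
		return 1;
	}
	// argv[1] is untrusted and has no length limit; it is passed through
	// unchanged because vuln() is the intentionally unsafe sink.
	vuln(argv[1]);
	return 0;
}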