1 #include <unistd.h>
2 #include <stdio.h>
3 #include <stdlib.h>
4 #include <netinet/in.h>
5 #include <string.h>
6 #include <arpa/inet.h>
7
8 /*
9
10 Compilation:
11 gcc -o network_overflow network_overflow.c -fno-stack-protector -no-pie -z execstack
12 objcopy network_overflow --set-section-flags .data=alloc,load,code,data
13
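14 These options disable the stack protector, build a non-PIE executable with an executable stack, and flag .data as code; together this makes it super easy for rex to exploit in the face of ASLR. The binary is a deliberately vulnerable test target.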
15
16 */
17
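/*
 * Staging buffer for the bytes received by talk(). The build is non-PIE, so
 * this global sits at a fixed address, which is the "bit of a cheat" that
 * gives the test a known place to jump to; the compilation options are meant
 * to leave it writable and executable.
 * NOTE(review): an uninitialized global normally lands in .bss rather than
 * .data, so confirm which build step actually makes this buffer executable.
 */
char global[2048];

/*
 * Receive one message from fd and copy it into `global`.
 *
 * INTENTIONAL VULNERABILITY (test fixture): recv() may write up to
 * sizeof global (2048) bytes into the 100-byte stack buffer `buf`, so any
 * message longer than 100 bytes overruns the stack frame. That overflow is
 * the behaviour this target exists to exhibit, so the length is left as is;
 * a correct bound would be sizeof buf.
 *
 * Returns 0 in all cases.
 */
int talk(int fd)
{
    char buf[100];
    ssize_t ret = recv(fd, buf, sizeof global, 0);

    /*
     * recv() returns -1 on error and 0 once the peer has closed. Handing -1
     * to memcpy() would convert it to a huge size_t and crash for a reason
     * unrelated to the bug under test, so skip the copy in both cases.
     */
    if (ret <= 0) {
        return 0;
    }

    /* Copy what was received into the global; ret never exceeds sizeof global. */
    memcpy(global, buf, (size_t)ret);
    return 0;
}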
31
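/*
 * Single-shot TCP server for the overflow test target.
 *
 * Listens on 127.0.0.1:<port>, accepts exactly one client, passes the
 * connection to talk(), then exits.
 *
 * argv[1] is the TCP port as a decimal number (0-65535).
 * Returns 0 after serving one client, -1 on a usage or socket error.
 */
int main(int argc, char **argv)
{
    if (argc != 2) {
        printf("Usage: %s <port>\n", argv[0]);
        return -1;
    }

    /*
     * strtol() rather than atoi(): a non-numeric or out-of-range argument is
     * rejected instead of silently becoming 0 or being truncated by htons().
     */
    char *end = NULL;
    long port = strtol(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0' || port < 0 || port > 65535) {
        printf("Usage: %s <port>\n", argv[0]);
        return -1;
    }

    int server_fd = socket(AF_INET, SOCK_STREAM, 0);
    if (server_fd < 0) {
        printf("error creating socket\n");
        return -1;
    }

    struct sockaddr_in address;
    memset(&address, 0, sizeof(address)); /* no stack garbage in sin_zero */
    address.sin_family = AF_INET;
    /* Loopback only: the deliberately vulnerable service stays off external interfaces. */
    address.sin_addr.s_addr = inet_addr("127.0.0.1");
    address.sin_port = htons((unsigned short)port);

    if (bind(server_fd, (struct sockaddr *)&address, sizeof(address))) {
        printf("error binding\n");
        close(server_fd);
        return -1;
    }

    if (listen(server_fd, 10)) {
        printf("error listening\n");
        close(server_fd);
        return -1;
    }

    /*
     * accept() reads addrlen as the size of the address buffer before it
     * writes the peer address, so it must be initialised.
     */
    socklen_t addrlen = sizeof(address);
    int new_client = accept(server_fd, (struct sockaddr *)&address, &addrlen);
    if (new_client < 0) {
        printf("error accepting\n");
        close(server_fd);
        return -1;
    }

    talk(new_client);
    close(new_client);
    close(server_fd);
    return 0;
}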
66