
I am trying to write my first exploit, which will exploit the pinfo program.

I installed the program via apt-get, then I crashed it with:

neo@matrix:~$ pinfo -m `python -c 'print "A"*50064+"DCBA"'`

Przemek's Info Viewer v0.6.9
Looking for man page...

*** buffer overflow detected ***: 

pinfo terminated

But no matter how many 'A' characters I put in the string, EIP isn't overwritten:

neo@matrix:~$ gdb -c ./core
.....

(gdb) x/1000x
...

0xbfe78878: 0x41414141  0x41414141  0x41414141  0x41414141

0xbfe78888: 0x41414141  0x41414141  0x41414141  0x41414141
...

(gdb) info registers

eip            0xb77a0c31   0xb77a0c31 <__kernel_vsyscall+9>

How can I make the exploit overwrite EIP?

  • OK, exploit engineering is certainly on-topic here. Yet, you do not explain your exploit at all! What do you do to pinfo to exploit it? I'm confident that if I install pinfo from a repository on my machine and run it with the same arguments as you did I will not get the same output as you do. In other words you're doing a lot more than you're describing in your question. – grochmal Sep 27 '16 at 01:39
  • Are you sure your version of pinfo is actually vulnerable to this exploit? – user253751 Sep 29 '16 at 10:48
  • Have you checked the EIP address that you're targeting? I've seen cases where the EIP address changes due to some reasons. – Chiragh Dewan Sep 29 '16 at 09:36
  • Hi people, I am still trying... I will post the status of my exploitation learnings. – user3552769 Oct 13 '16 at 22:51
  • Hi guys,

    I am trying to learn exploitation. I began testing the exploit used to get a root shell using the pinfo program:

    https://www.exploit-db.com/exploits/40023/

    Firstly: the pinfo is a vulnerable version because I can smash the stack, and pinfo -h shows the version:

        neo@matrix:~/reverse$ /usr/bin/pinfo -h
        Przemek's Info Viewer v0.6.9
        Usage: /usr/bin/pinfo [options] [info|manual]

    – user3552769 Oct 13 '16 at 23:46
  • the problem was the ASLR – user3552769 Oct 19 '16 at 11:04

0 Answers
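The "*** buffer overflow detected ***" line in the question is glibc's _FORTIFY_SOURCE check firing: on a distribution build, a copy into a stack buffer of known size is compiled to a checked variant (for example __strcpy_chk) that calls abort() as soon as the source is too long, so the vulnerable function never returns and the saved return address is never used, which is why the core shows EIP inside __kernel_vsyscall (abort's raise) rather than 0x41414141. The following is an added example, not code from the question, from pinfo, or from the linked exploit: it shows that unbounded-copy pattern beside a bounded copy that rejects oversized input cleanly. DEST_SIZE, build_probe() and the 64-byte buffer are assumptions made for the demo (pinfo's real buffer size is not on the page); the 50064-byte pad comes from the question.

```c
/* Added example, not code from the question or from pinfo itself.
 * Shows the unbounded-copy pattern that glibc's _FORTIFY_SOURCE turns into
 * "*** buffer overflow detected ***", beside a bounded copy that rejects
 * oversized input instead of aborting.
 * Fortified build (assumed command line): gcc -O2 -D_FORTIFY_SOURCE=2 demo.c
 * DEST_SIZE and build_probe() are assumptions for this demo. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEST_SIZE 64   /* assumed size; pinfo's real buffer size is not on the page */

/* Vulnerable pattern: fixed-size stack buffer, no length check.
 * With -O2 -D_FORTIFY_SOURCE=2 the compiler knows sizeof(dst) and replaces
 * strcpy() with __strcpy_chk(), which calls __fortify_fail() -> abort() as
 * soon as the source is too long. abort() delivers SIGABRT through raise(),
 * so the crash lands inside the vsyscall page rather than at a return
 * address: this function never returns at all in that case.
 * Only call this with input shorter than DEST_SIZE. */
size_t unsafe_copy(const char *src)
{
    char dst[DEST_SIZE];
    strcpy(dst, src);          /* fortified to __strcpy_chk(dst, src, DEST_SIZE) */
    return strlen(dst);
}

/* Hardened form: the destination size is passed explicitly and the function
 * refuses (rather than silently truncates) when the input does not fit,
 * leaving dst as an empty string. Returns 0 on success, -1 on rejection. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return -1;
    size_t n = strlen(src);
    if (n >= dstsz) {          /* no room for n bytes plus the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);   /* copies the NUL as well */
    return 0;
}

/* Constructed input in the shape used in the question: `pad` bytes of 'A'
 * followed by "DCBA". The caller frees the result. */
char *build_probe(size_t pad)
{
    char *p = malloc(pad + 5); /* pad + "DCBA" + NUL */
    if (p == NULL)
        return NULL;
    memset(p, 'A', pad);
    memcpy(p + pad, "DCBA", 5);
    return p;
}

int main(void)
{
    char buf[DEST_SIZE];
    char *probe = build_probe(50064);  /* same pad length as in the question */
    if (probe == NULL)
        return 1;

    /* Both forms behave identically on well-sized input. */
    printf("unsafe_copy(\"short\") copied %zu bytes\n", unsafe_copy("short"));
    printf("bounded_copy(\"short\") -> %d, buf=\"%s\"\n",
           bounded_copy(buf, sizeof buf, "short"), buf);

    /* The bounded form rejects the oversized probe and leaves buf empty.
     * unsafe_copy(probe) is deliberately not called: with FORTIFY_SOURCE it
     * would abort with the message seen in the question, and without it
     * would corrupt the stack. */
    printf("bounded_copy(probe of %zu bytes) -> %d, buf=\"%s\"\n",
           strlen(probe), bounded_copy(buf, sizeof buf, probe), buf);

    free(probe);
    return 0;
}
```

The check in bounded_copy is the fix a maintainer would apply; the fortified build of unsafe_copy is the mitigation the question's output shows already in effect, which is why the overflow is reported before any return address can be reached. Note that FORTIFY_SOURCE only kicks in with optimisation enabled and only where the compiler can see the destination's size.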