0

I am recreating the buffer overflow from http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Software/Buffer_Overflow/Buffer_Overflow.pdf and I would like to write a bash script that will run gdb on my "stack" executable. The script will then set break points and grab the addresses of the beginning (p &buffer) and end (p $ebp) of the buffer, which will then be passed into ./exploit <&buffer, $ebp> as arguments.

When I run my script..

#!/bin/sh
gdb stack
b main
b 14
run
b 23
c
p &buffer
p $ebp

When I use it, gdb is opened on my executable. However, the rest of the script is not executed. I assume this is because gdb creates a new process. I have tried `gdb stack "$$"` to get gdb on the same process as my script, but without success.

Is what I am trying to do possible?

Edit:

New Script: This correctly outputs the addresses to the command line

#!/bin/sh
gdb stack << 'EOF'
  b main
  run
  b 23
  c
  s
  p &buffer
  p $ebp
  quit
EOF

How do I grab those addresses so I can pass them in as arguments to ./exploit?

Following line of my bash file will be..

./exploit <&buffer> <$ebp>
cpacoding
    Each line in the shell script as written is a shell command — so when `gdb` exits, the shell running the script will attempt to run commands `b`, `run`, `c`, `p`, `buffer`, etc. You need to redirect the subsequent lines to the input of `gdb`; use a here document `gdb stack <<'EOF'` followed by your `gdb` commands, and then a line containing only `EOF` (left justified). – Jonathan Leffler Apr 04 '20 at 20:33
  • That worked! I have just made an edit with a new question. – cpacoding Apr 04 '20 at 21:25
  • You probably need to redirect standard output (from `gdb`) to a file: `gdb <<'EOF' >gdb.output` to place the information in `gdb.output`. You will then have to worry about cleaning the data to get the two addresses. ASLR may mess things up for you — beware. – Jonathan Leffler Apr 04 '20 at 21:36
  • 1
    Dunno — they invented these things called '[manuals](https://sourceware.org/gdb/download/onlinedocs/)' that help explain how programs work. I'd have to read it to find the answer; since it isn't my problem, I'm delegating the reading process to you. You might be able to use something like `p &buffer >buffer.out`. But I make no promises — I've not read the manual. – Jonathan Leffler Apr 04 '20 at 22:06

1 Answer

1

Try

gdb -batch yourfile

as suggested in man gdb.

Or look here for an example.

John Goofy
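Putting the two halves together, the non-interactive gdb run from the question's edit and the -batch mode from the answer, here is an added example of a complete driver script. It is not code from the question, the answer or the SEED lab. It assumes the lab binary is ./stack, the overflowed array is named buffer, line 23 of stack.c is inside the function that declares it, and ./exploit takes the two addresses as its first two arguments; all of these names are taken from the question and are assumptions. The gdb transcript embedded as SAMPLE_GDB_OUTPUT is constructed so the parsing step can be run without the binary; its addresses are made up.

```shell
#!/bin/sh
# Added example: drive gdb with -batch/-ex, capture its output, pull the two
# addresses out of it and hand them to ./exploit. Names ./stack, buffer,
# line 23 and the ./exploit argument order are assumptions from the question.

# Run gdb without an interactive prompt. Each -ex is one gdb command; -batch
# runs them in order, disables paging and exits, so stdout can be captured.
dump_addresses() {
    gdb -batch \
        -ex 'break 23' \
        -ex 'run' \
        -ex 'print &buffer' \
        -ex 'print $ebp' \
        ./stack 2>/dev/null
}

# Pull the value of gdb history entry $N (the N-th print) out of captured gdb
# text: find the line that starts with "$N =" and return its first 0x... token.
# Prints nothing if no such line exists, so callers can detect a failed run.
value_of() {   # $1 = history number, $2 = captured gdb output
    printf '%s\n' "$2" | awk -v n="$1" '
        $1 == ("$" n) && $2 == "=" {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^0x[0-9a-fA-F]+$/) { print $i; exit }
        }'
}

# Constructed sample of what the gdb session above prints (addresses made up),
# used when ./stack or gdb is not available so the script still runs end to end.
SAMPLE_GDB_OUTPUT='Breakpoint 1 at 0x80484d1: file stack.c, line 23.

Breakpoint 1, bof (str=0xbffff3b0 "\220\220\220"...) at stack.c:23
23	    strcpy(buffer, str);
$1 = (char (*)[24]) 0xbffff0a0
$2 = (void *) 0xbffff0d8'

if [ -x ./stack ] && command -v gdb >/dev/null 2>&1; then
    GDB_OUTPUT=$(dump_addresses)
else
    echo "./stack or gdb not found, using the constructed sample output" >&2
    GDB_OUTPUT=$SAMPLE_GDB_OUTPUT
fi

BUFFER_ADDR=$(value_of 1 "$GDB_OUTPUT")
EBP_ADDR=$(value_of 2 "$GDB_OUTPUT")

# Refuse to run the exploit with empty arguments, e.g. when the breakpoint
# was never hit or `buffer` was not in scope at that line.
if [ -z "$BUFFER_ADDR" ] || [ -z "$EBP_ADDR" ]; then
    echo "could not parse &buffer / \$ebp from gdb output:" >&2
    printf '%s\n' "$GDB_OUTPUT" >&2
    exit 1
fi

echo "buffer at $BUFFER_ADDR, saved frame pointer at $EBP_ADDR"
if [ -x ./exploit ]; then
    ./exploit "$BUFFER_ADDR" "$EBP_ADDR"
fi
```

Two caveats a practitioner should keep in mind. First, as the comment above warns, with ASLR enabled the addresses change on every run; the lab has you turn it off with sysctl -w kernel.randomize_va_space=0 before any of this is meaningful. Second, even with ASLR off, the stack layout seen under gdb is usually not identical to the one the program gets when launched from the shell, because gdb adds environment variables such as LINES and COLUMNS and may use a different path for argv[0], both of which shift everything on the stack by a few bytes; the NOP sled in the lab's shellcode exists precisely to absorb that difference, so treat the printed &buffer as an estimate rather than an exact target.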