shellcode mysteriously breaks

No replies
zandi
Offline
0xbaadf00d
Joined: 2010/09/12

I'm playing around with the protostar VM from exploit-excercises.com, and I'm running into some weird behavior that I just don't understand in the least. Apologies in advance, i'm not sure how to copy/paste straight from vmware yet so i've just got screencaps for now. Also, i'm not used to this board, so i'm sure i'm fucking something else up there.

For various stack excercises, they build you up by simply having you overwrite a function pointer or return pointer to the value of some other function. That's pretty easy to figure out, so I thought i'd try my hand at executing shellcode from the stack as well. However, things aren't as easy as i'd thought.

My shellcode works when I test it out in its own C program, as expected:

However, it doesn't work when I place it in a buffer on the stack while exploiting a sample program:

what's really creeping me out is how I'm certainly executing the shellcode on the stack (note the stack addresses in gdb), and the registers are being set up properly for the execve call. I can even see that the call is apparently succeeding, and the process image is being replaced by /bin/dash (since /bin/sh is symlinked), but i don't get an interactive shell like I normally do. What the hell's going on?

i'd swear this is some sort of small thing i'm missing, like having stdin screwed up and ^D'ing my shell immediately, but i just can't figure it out, and it's been puzzling me for far too long. Any ideas? Is there any more info i'd need to give?