This tool is designed to exploit vulnerable programs that copy their command-line arguments into fixed-size buffers.

Usage looks like this:

./cmd-overflow v1.6 by Steve Kemp
Usage   : ./cmd-overflow options
Options :

         --target file        Set the name of the target program.
         --size   num         Set the size of the buffer we use.
         --args 'args'        Set the argument string to use.
                              (% is replaced by the exploit buffer.)
         --verbose            Show diagnostics
         --test               Execute the selected shellcode only.
         --payload shell|bind Choose the shellcode to run

The "--args" parameter allows you to specify any arguments the program might expect; replace the argument you wish to overflow with '%'.

For example:

cmd-overflow --target=/bin/foo  \
  --size=2048 --args='/etc/foo %'

This gives the program /bin/foo two arguments: the first is "/etc/foo" and the second is the constructed overflow string.
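
The coding pattern that makes a program a target for this tool, next to a bounded copy that rejects over-long arguments. This is an added example, not code from cmd-overflow or its author; the names copy_arg_unchecked, copy_arg_checked and NAME_MAX_LEN are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64   /* constructed buffer size for this example */

/* Vulnerable pattern: no length check, so an argument of NAME_MAX_LEN
 * bytes or more is written past the end of dst.
 * Shown for comparison only; nothing below calls it. */
void copy_arg_unchecked(char dst[NAME_MAX_LEN], const char *arg)
{
    strcpy(dst, arg);
}

/* Hardened form: look for the terminating NUL within the first dstsize
 * bytes and refuse the argument if it is not there.
 * Returns 0 on success, -1 on reject; dst is left untouched on reject.
 * Rejecting is preferred to truncating, because a truncated path or
 * name can silently refer to something else. */
int copy_arg_checked(char *dst, size_t dstsize, const char *arg)
{
    const char *end;

    if (dst == NULL || arg == NULL || dstsize == 0)
        return -1;
    end = memchr(arg, '\0', dstsize);
    if (end == NULL)
        return -1;                        /* does not fit with its NUL */
    memcpy(dst, arg, (size_t)(end - arg) + 1);
    return 0;
}

int main(int argc, char **argv)
{
    char name[NAME_MAX_LEN];

    if (argc < 2) {
        fprintf(stderr, "usage: %s <name>\n", argv[0]);
        return 2;
    }
    if (copy_arg_checked(name, sizeof name, argv[1]) != 0) {
        fprintf(stderr, "%s: argument too long (max %d bytes)\n",
                argv[0], NAME_MAX_LEN - 1);
        return 1;
    }
    printf("name = %s\n", name);
    return 0;
}
```

Every place where an argv element reaches a fixed-size buffer needs the same check; compiler and OS mitigations such as stack protectors reduce the impact of a missed one but do not replace it.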

Download

Download the source code:

Repository

The code is stored in a Mercurial repository. If you wish to follow development, please see the following URL: