This tool is designed to exploit vulnerable programs that copy the contents of particular environment variables into fixed-size buffers without checking their length.

Usage looks like this:

Usage   : ./env-overflow options
Options :

         --target file        Set the name of the target program.
         --size   num         Set the size of the buffer we use.
         --args 'args'        Set the argument string to use.
         --env NAME           The environmental varible to overflow
         --verbose            Show diagnostics
         --payload shell|bind Choose the shellcode to run
         --test               Execute the desired shellcode and exit

e.g.:
 ./env-overflow --target=./env-vuln --env=FOO --size=2000

For example:

env-overflow --target=/usr/games/freesweep --size=2044 --env=HOME

This runs the program /usr/games/freesweep with a modified HOME environment variable that is 2044 bytes long.
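
For reference, the kind of copy this tool targets and a bounds-checked replacement are sketched below. This is an added example, not code from env-overflow or from any target program; the function names env_copy and set_filler_env and the 256-byte buffer are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200112L   /* for setenv() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable pattern (comment only, not compiled):
 *     char buf[256];
 *     strcpy(buf, getenv("FOO"));    no length check, NULL not handled */

/* Hardened form: copy environment variable `name` into dst[dstlen].
 * Returns 0 on success; -1 with errno = ENOENT if the variable is unset,
 * ENAMETOOLONG if the value does not fit. Never truncates silently. */
int env_copy(const char *name, char *dst, size_t dstlen)
{
    const char *val;
    size_t len;
    if (name == NULL || dst == NULL || dstlen == 0) {
        errno = EINVAL;
        return -1;
    }
    dst[0] = '\0';                    /* defined contents on every error path */
    val = getenv(name);
    if (val == NULL) { errno = ENOENT; return -1; }
    len = strlen(val);
    if (len >= dstlen) {              /* no room for the terminating NUL */
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, val, len + 1);
    return 0;
}

/* Constructed test input: set `name` to n filler bytes. */
int set_filler_env(const char *name, size_t n)
{
    char *v = malloc(n + 1);
    int rc;
    if (v == NULL) return -1;
    memset(v, 'A', n);
    v[n] = '\0';
    rc = setenv(name, v, 1);
    free(v);
    return rc;
}

int main(void)
{
    char buf[256];                    /* assumed size for this example */
    set_filler_env("FOO", 2044);      /* length used in the example above */
    if (env_copy("FOO", buf, sizeof buf) != 0) perror("env_copy(FOO)");
    return 0;
}
```

Rejecting the over-long value, rather than truncating it, keeps a shortened path or name from being used as if it were the real one.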

Download

Download the source code:

Source Repository

If you wish to monitor development, you can view the Mercurial repository at the following link: