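#!/usr/bin/python3
"""Find the minimum number of bytes needed to overflow the stack of a simple binary.

Usage (as documented in the repository README)::

    overflow_checker.py [-h] [-m MAX] [-t TIMEOUT] program

    positional arguments:
      program               program to perform the check on

    optional arguments:
      -h, --help            show this help message and exit
      -m MAX, --max MAX     maximum number of bytes to test (default: 99999)
      -t TIMEOUT, --timeout TIMEOUT
                            seconds to wait for each run of the program (default: 0.1)

Demo binaries live in the ``test_files`` directory (``pwn1`` .. ``pwn4``).

How it works: the target is executed once with ``max`` bytes of ``"A"`` on
stdin.  If that run dies with SIGSEGV, a binary search over ``[1, max]``
locates the smallest input length that still crashes it.  Detection looks
only at the exit status: any other outcome (clean exit, timeout, or another
fatal signal such as the abort a stack-protector check typically produces)
is reported as "not vulnerable".

The target runs directly with the caller's privileges and is fed inputs of
arbitrary length; run unknown binaries only in an isolated environment.
"""

import argparse
import os
import signal
import subprocess
import sys
from subprocess import DEVNULL, TimeoutExpired

__author__ = "Daniel Cuesta Suárez. @danielcues"

# subprocess reports death-by-signal as the negated signal number.
_SEGFAULT_CODE = -int(signal.SIGSEGV)

# Defaults; initProgram() overwrites them from the command line.
max_bytes = 99999
timeout_seconds = 0.1
program = ""


def _command_for(target):
    """Return the argv list that runs *target*.

    A bare name ("pwn1") becomes "./pwn1" so the current directory does not
    have to be on PATH; an absolute path is used unchanged.  The path is a
    single argv element, so names containing spaces are handled.
    """
    return [os.path.join(".", target)]


def overflow(n, target=None, timeout=None):
    """Run the target with *n* bytes of "A" on stdin and report a segfault.

    Args:
        n: number of bytes to send on stdin.
        target: program to run; defaults to the module-level ``program``.
        timeout: seconds to wait for the run; defaults to ``timeout_seconds``.

    Returns:
        True if the process died with SIGSEGV, False otherwise.  A run that
        exceeds the timeout also yields False, so a never-ending binary
        cannot stall the search.

    Raises:
        OSError: if the target cannot be executed (missing file, no execute
        permission); main() validates the path before searching.
    """
    if target is None:
        target = program
    if timeout is None:
        timeout = timeout_seconds
    # Send raw bytes and discard output: only the exit status matters, and
    # decoding the target's output as text could raise UnicodeDecodeError
    # on non-ASCII bytes.
    try:
        proc = subprocess.run(
            _command_for(target),
            input=b"A" * n,
            stdout=DEVNULL,
            stderr=DEVNULL,
            timeout=timeout,
        )
    except TimeoutExpired:
        return False
    # Other fatal signals (e.g. SIGABRT) are deliberately not counted.
    return proc.returncode == _SEGFAULT_CODE


def insaneOverflow():
    """Probe the target with the configured maximum number of bytes."""
    return overflow(max_bytes)


def findMinPaddingInInterval(start, end, probe=None):
    """Binary-search [start, end] for the smallest n for which probe(n) holds.

    Assumes *probe* is monotone (false below some length, true from there
    on) and that probe(end) is true; main() establishes the latter through
    insaneOverflow().  Uses O(log n) probes.

    Args:
        start: lowest length to consider.
        end: highest length to consider (assumed to overflow).
        probe: predicate on a length; defaults to overflow().

    Returns:
        The smallest n in [start, end] for which probe(n) is true, or *end*
        if no probed value is (the search never probes *end* itself).
        If start > end, returns *start*.
    """
    if probe is None:
        probe = overflow
    lo, hi = start, end
    while lo < hi:
        mid = (lo + hi) // 2
        if probe(mid):
            hi = mid
        else:
            lo = mid + 1
    return lo


def findMinPadding():
    """Search [1, max_bytes] for the minimum crashing input length."""
    return findMinPaddingInInterval(1, max_bytes)


def initProgram():
    """Parse the command line into the module-level settings.

    Exits with argparse's usage error (status 2) when --max is below 1 or
    --timeout is not positive, since the search over [1, max] would be
    meaningless in either case.
    """
    global program, max_bytes, timeout_seconds

    parser = argparse.ArgumentParser(
        description="Options",
        formatter_class=argparse.ArgumentDefaultsHelpFormatter,
    )
    parser.add_argument("-m", "--max",
                        help="maximum number of bytes to test",
                        type=int,
                        default=max_bytes)
    parser.add_argument("-t", "--timeout",
                        help="seconds to wait for each run of the program",
                        type=float,
                        default=timeout_seconds)
    parser.add_argument("program",
                        help="program to perform the check on")
    args = parser.parse_args()

    if args.max < 1:
        parser.error("--max must be at least 1")
    if args.timeout <= 0:
        parser.error("--timeout must be positive")

    program = args.program
    max_bytes = args.max
    timeout_seconds = args.timeout


def main():
    """Entry point: validate the target, then report the minimum crashing length."""
    initProgram()

    # Fail with a clear message instead of a traceback from subprocess.run.
    path = _command_for(program)[0]
    if not os.path.isfile(path) or not os.access(path, os.X_OK):
        print("%s: not an executable file" % program, file=sys.stderr)
        sys.exit(1)

    if insaneOverflow():
        min_padding = findMinPadding()
        print("Program needs at least %d bytes to break." % min_padding)
        # The "- 4" hard-codes a 32-bit saved-return-address size; the
        # reported padding is only meaningful for 32-bit binaries.
        print("That means your padding should be %d bytes long" % (min_padding - 4))
    else:
        print("%s is not vulnerable to buffer oveflow. Better luck next time" % program)


if __name__ == "__main__":
    main()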