Autobuf is a simple tool written in C++ for Linux that aids in finding buffer overflow exploits. It calls gdb on a target program, progressively trying larger inputs and checking the register values until the current instruction pointer is overwritten. It then outputs the offset (in bytes) of this address from the beginning of the buffer. Once this offset is known, it becomes almost trivial to grab shellcode from the net and get it to execute inside the target program. It also calls readelf to output some useful information, such as the executable’s entry point address and whether the stack is executable or not.
To compile the program, you need Linux with g++ installed and support for 32-bit compilation. Run "make" from a terminal to build Autobuf and the example programs using the provided Makefile.
Two simple example programs are included to exercise the tool: vulnerable and vulnerable2. The first takes no command-line arguments but reads input from the user with gets(), which performs no bounds checking. The second takes a single command-line argument and copies it into a fixed-size buffer with strcpy(), again without bounds checking. You can see Autobuf in action by running "./autobuf vulnerable" or "./autobuf vulnerable2" from the terminal.
To get started, clone the repository, build it, and run the tool against one of the examples:

    git clone https://bitbucket.org/berserkguard/autobuf.git && cd autobuf
    make
    ./autobuf vulnerable
    ./autobuf vulnerable2
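As an added example (not code from the Autobuf repository), this is what the two unsafe reads in the example programs look like once they are bounded: a length-checked replacement for the strcpy() in vulnerable2 and an fgets()-based replacement for the gets() in vulnerable, each reporting oversized input instead of writing past the buffer. The names bounded_copy and bounded_readline and the 16-byte BUF_SIZE are assumptions; the buffer sizes of the original programs are not given on this page.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16  /* assumed; kept small so the bound is easy to exercise */

/* Bounded stand-in for the strcpy() in vulnerable2: copies src into dst only if
 * it fits (including the NUL); otherwise leaves dst empty and returns -1
 * instead of writing past the end of the buffer. */
int bounded_copy(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    size_t n = strnlen(src, dst_size);              /* never scans past dst_size */
    if (n == dst_size) { dst[0] = '\0'; return -1; } /* src would not fit */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Bounded stand-in for the gets() in vulnerable: reads one line into dst.
 * Returns the stored length, -1 on EOF with nothing read, or -2 when the line
 * was longer than the buffer; in that case the rest of the line is discarded
 * so the next call starts on a fresh line rather than on the leftover bytes. */
long bounded_readline(FILE *in, char *dst, size_t dst_size) {
    if (dst == NULL || dst_size == 0) return -1;
    if (fgets(dst, (int)dst_size, in) == NULL) { dst[0] = '\0'; return -1; }
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') { dst[--len] = '\0'; return (long)len; }
    int c = fgetc(in);
    if (c == EOF || c == '\n') return (long)len;      /* line fit exactly */
    while ((c = fgetc(in)) != EOF && c != '\n') { }   /* drain the oversized line */
    dst[0] = '\0';
    return -2;
}

int main(int argc, char **argv) {
    char buf[BUF_SIZE];
    if (argc > 1) {                                   /* argument path, as in vulnerable2 */
        if (bounded_copy(buf, sizeof buf, argv[1]) != 0) {
            fprintf(stderr, "argument longer than %d bytes, rejected\n", BUF_SIZE - 1);
            return 1;
        }
        printf("argument: %s\n", buf);
        return 0;
    }
    long n = bounded_readline(stdin, buf, sizeof buf); /* stdin path, as in vulnerable */
    if (n < 0) { fprintf(stderr, "no usable line read (%ld)\n", n); return 1; }
    printf("line: %s\n", buf);
    return 0;
}
```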