The problem nowadays with learning buffer overflows is:
- the Linux kernel has protections (randomize_va_space, exec-shield, ...)
- the distribution has protections (AppArmor, SELinux, ...)
- gcc has protections (stack canary, ...)
That is good, because it protects us. But it is bad for learning.
To learn "buffer overflows" you must deactivate the protections.
Some tips:
To deactivate the gcc protections:
-fno-stack-protector (no stack canary)
-fno-mudflap (mudflap only existed in gcc 4.x, was removed in 4.9, and is off unless you pass -fmudflap)
-D_FORTIFY_SOURCE=0 (some distributions turn _FORTIFY_SOURCE on by default in their gcc)
gcc overflow.c -o overflow -fno-stack-protector
gcc -fno-stack-protector -z execstack -o bug bug.c
To deactivate the kernel protections (as root; these settings do not survive a reboot):
echo "0" > /proc/sys/kernel/randomize_va_space
echo "0" > /proc/sys/kernel/exec-shield
echo "0" > /proc/sys/kernel/exec-shield-randomize
The two exec-shield files only exist on kernels carrying the Exec Shield patch (Red Hat / Fedora); on a vanilla kernel randomize_va_space is the only one of the three.
Info about execstack:
If you look at the program with objdump (objdump -x cmd), you see the STACK program header:
STACK off 0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**3
filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
The flags rw- mean the stack is not executable!
You can make it executable with
gcc -fno-stack-protector -z execstack -o bug bug.c
If you want to learn heap or bss overflows you must make those segments executable too. objdump shows them with flags rw- as well, for example the DYNAMIC segment:
DYNAMIC off 0x0000000000000e40 vaddr 0x0000000000600e40 paddr 0x0000000000600e40 align 2**3
filesz 0x00000000000001a0 memsz 0x00000000000001a0 flags rw-
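To check that the flags above really took effect on a lab binary (or, on a production machine, that the protections are still on), here is an added audit script. It is example code written for this page, not from the original post; it assumes GNU binutils (objdump and nm) are installed, parses the STACK program header that objdump prints as quoted above, looks for the __stack_chk_fail reference a canary leaves behind, and reads the randomize_va_space value. The objdump lines inside demo() are constructed sample input so the script also runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): a small audit script that reads
# back the protections discussed above, so you can confirm that a lab binary
# really has them off, or that a production binary still has them on.
# Assumptions: objdump and nm from GNU binutils are installed, and the kernel
# exposes /proc/sys/kernel/randomize_va_space (any vanilla Linux kernel does).

# Print the flags of the GNU_STACK program header, which "objdump -x" labels
# STACK. Reads objdump output on stdin and prints e.g. "rw-" (NX stack) or
# "rwx" (built with -z execstack). objdump puts the flags on the
# "filesz ... memsz ... flags ..." line that follows the STACK line, so the
# awk script remembers that it has just seen STACK and takes the last field
# of the next filesz line.
stack_flags_from_objdump() {
    awk '$1 == "STACK" { seen = 1; next }
         seen && $1 == "filesz" { print $NF; exit }'
}

# Exit status 0 if a flags string such as "rwx" contains the execute bit.
flags_executable() {
    case "$1" in
        *x*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Exit status 0 if a dynamic symbol listing (nm -D) on stdin references
# __stack_chk_fail, the glibc function a canary check calls on mismatch.
# A binary built with -fno-stack-protector has no such reference.
has_stack_canary() {
    grep -q '__stack_chk_fail'
}

# Describe a /proc/sys/kernel/randomize_va_space value in words.
aslr_description() {
    case "$1" in
        0) echo "off (no address space randomization)" ;;
        1) echo "conservative (stack, mmap and vdso randomized, brk not)" ;;
        2) echo "full (conservative plus brk randomization)" ;;
        *) echo "unknown value '$1'" ;;
    esac
}

# Audit one (dynamically linked) binary and the running kernel.
audit_binary() {
    bin="$1"
    flags=$(objdump -x "$bin" | stack_flags_from_objdump)
    if [ -z "$flags" ]; then
        echo "$bin: no STACK program header found; check the ELF headers by hand"
    elif flags_executable "$flags"; then
        echo "$bin: stack is executable (flags $flags), as produced by -z execstack"
    else
        echo "$bin: stack is not executable (flags $flags)"
    fi
    if nm -D "$bin" 2>/dev/null | has_stack_canary; then
        echo "$bin: stack canary present (__stack_chk_fail referenced)"
    else
        echo "$bin: no canary reference (built with -fno-stack-protector, or no protected frames)"
    fi
    if [ -r /proc/sys/kernel/randomize_va_space ]; then
        echo "kernel ASLR: $(aslr_description "$(cat /proc/sys/kernel/randomize_va_space)")"
    fi
}

# Constructed objdump lines (same shape as the output quoted in the post) for
# a binary linked with -z execstack; used when no file argument is given.
demo() {
    printf '%s\n' \
        '    STACK off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4' \
        '         filesz 0x0000000000000000 memsz 0x0000000000000000 flags rwx' \
        | stack_flags_from_objdump
}

if [ "$#" -gt 0 ]; then
    audit_binary "$1"    # usage: sh audit.sh ./bug
else
    echo "constructed sample STACK flags: $(demo)"
fi
```

Run it as `sh audit.sh ./bug` after each compile: the binary built with `-fno-stack-protector -z execstack` should report an executable stack and no canary reference, while the same source built with default flags reports rw- and a canary.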