Donnerstag, 23. September 2010

HACKS: Tutorial Zero

The problem nowadays to learn buffer overflow is:
- linux kernel has protection (va_randomize, exec_shield,...)
- distribution has protection (armor, selinux, ...)
- gcc has protection (stack canary, ...

That is good, because it protect us. But bad for learning.

To learn "buffer overflows" you must deactivate the protection

some tips:

to deactivate gcc protection:
gcc overflow.c -o overflow -fno-stack-protector
gcc -fno-stack-protector -z execstack -o bug bug.c

to deactivate kernel protection:
echo "0" > /proc/sys/kernel/randomize_va_space
echo "0" > /proc/sys/kernel/exec-shield
echo "0" > /proc/sys/kernel/exec-shield-randomize

info about execstack

If you look at the programm with objdump (objdump -x cmd):
STACK off 0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**3
filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
The stack is not executable!

you can do it executable with
gcc -fno-stack-protector -z execstack -o bug bug.c

If you want to learn heap or bss overflow you must do them executable too.
DYNAMIC off 0x0000000000000e40 vaddr 0x0000000000600e40 paddr 0x0000000000600e40 align 2**3
filesz 0x00000000000001a0 memsz 0x00000000000001a0 flags rw-

Keine Kommentare:

Kommentar veröffentlichen