Problem carrying out a simple buffer overflow

Networking/Security Forums -> Exploits // System Weaknesses

Author: mendicant PostPosted: Fri Oct 16, 2009 8:19 pm    Post subject: Problem carrying out a simple buffer overflow
    ----
Hi,
I would like to start learning about the nuts and bolts concerning Linux security. I bought the "Gray Hat Hacking" book by Harris et al. and started working at their example for buffer overflows but hit a bump immediately. Is this the right place to be discussing this sort of thing? If so, I give the pertinent info below:

Program:
//overflow.c
#include <string.h>
int main(void){ //explicit return type: implicit int is rejected by current gcc
char str1[10]; //declare a 10 byte string
//next, copy 35 bytes of "A" to str1 (deliberate overflow of the 10-byte buffer)
strcpy (str1, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
}

gcc -ggdb -o overflow overflow.c
./overflow
resulted in the expected segmentation fault.

gdb -q overflow --> run
resulted in:
Starting program: /tmp/overflow
Program received signal SIGSEGV, Segmentation fault.
0x000000000040048f in main () at overflow.c:7
7 }

I was expecting something like 0x41414141 instead, i.e. the hex for ASCII 'A' is 0x41.
Also (gdb) info reg eip
resulted in:
Invalid register `eip'

The book suggested the following to disable Fedora's Address Space Layout Randomization:
echo "0" > /proc/sys/kernel/randomize_va_space
echo "0" > /proc/sys/kernel/exec-shield
echo "0" > /proc/sys/kernel/exec-shield-randomize
The first two commands executed but the last resulted in:
bash: /proc/sys/kernel/exec-shield-randomize: No such file or directory

Can anyone help me to understand what is going on?
Many thanks in advance,
M.

Author: peann    Location: Ireland    PostPosted: Tue Feb 23, 2010 12:33 am    Post subject:
    ----
Are you using 64-bit architecture by any chance? If so, IIRC, you are looking for the RIP instruction pointer, as opposed to EIP.
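The following is an added illustration (not code from the thread, the book, or either poster) of why the two observations in the question fit together on x86-64: the crash is reported inside main at the closing brace, and the register is called rip rather than eip. It models the stack frame of overflow.c as a plain byte array, with the saved return address assumed to sit 16 bytes above str1 (a constructed layout; the real distance depends on the compiler and its alignment choices), copies the same 35-byte string of 'A's into it, and then reads the overwritten return address back as a 32-bit and as a 64-bit value. A little-endian host is assumed. The is_canonical_x86_64 check encodes the x86-64 rule that bits 63 down to 47 of a usable address must all be equal: 0x4141414141414141 breaks that rule, so the ret at the end of main faults before the jump happens, and gdb shows the faulting address as the ret instruction itself (the 0x40048f in main () at overflow.c:7 in the question) instead of 0x41414141. On 32-bit, by contrast, 0x41414141 is a perfectly well-formed address, so the CPU jumps there and faults at that address, which is what the book's output shows.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of main()'s stack frame in overflow.c: str1 starts at
 * offset 0, and the saved return address is ASSUMED to begin 16 bytes later.
 * The real gcc layout differs; this only models the overwrite, it does not
 * crash anything. */
#define FRAME_SIZE       64
#define SAVED_RET_OFFSET 16

/* x86-64 canonical-address rule: bits 63..47 must all be 0 or all be 1.
 * A ret that pops a non-canonical value raises a fault at the ret itself,
 * so the debugger reports the crash inside the returning function. */
int is_canonical_x86_64(uint64_t addr)
{
    uint64_t top = addr >> 47;          /* the 17 bits 63..47 */
    return top == 0 || top == 0x1FFFF;
}

/* Perform the same copy as strcpy(str1, "AAAA...") from overflow.c, but into
 * the modelled frame, then read back the saved return address as it would
 * appear with a pointer of ptr_size bytes (4 = 32-bit, 8 = 64-bit).
 * Assumes a little-endian host. */
uint64_t overwritten_return_address(size_t ptr_size)
{
    unsigned char frame[FRAME_SIZE];
    const char *payload = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 35 x 'A' */
    size_t n = strlen(payload) + 1;     /* strcpy also copies the NUL */
    uint64_t ret = 0;

    memset(frame, 0, sizeof frame);
    if (n > FRAME_SIZE)
        n = FRAME_SIZE;                 /* keep the model itself in bounds */
    memcpy(frame, payload, n);          /* str1 is only 10 bytes: overflow */

    if (ptr_size > sizeof ret)
        ptr_size = sizeof ret;
    memcpy(&ret, frame + SAVED_RET_OFFSET, ptr_size);
    return ret;
}

int main(void)
{
    uint64_t r32 = overwritten_return_address(4);
    uint64_t r64 = overwritten_return_address(8);

    printf("this build uses %zu-byte pointers\n", sizeof(void *));
    printf("32-bit saved return address after overflow: 0x%08llx (canonical: %s)\n",
           (unsigned long long)r32, is_canonical_x86_64(r32) ? "yes" : "no");
    printf("64-bit saved return address after overflow: 0x%016llx (canonical: %s)\n",
           (unsigned long long)r64, is_canonical_x86_64(r64) ? "yes" : "no");
    printf("crash address from the question, 0x40048f, canonical: %s\n",
           is_canonical_x86_64(0x40048fULL) ? "yes" : "no");
    return 0;
}
```

In gdb on the 64-bit build the register to inspect is rip (info registers rip), and its value at the fault will be the address of main's ret, not a run of 0x41 bytes; the 0x41s are visible on the stack instead (x/4gx $rsp).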

Author: gnix PostPosted: Mon Apr 05, 2010 7:54 am    Post subject:
    ----
Hello mendicant,

Personally, I suggest you consider an easier book like The Art of Exploitation (sold with a practice live distro for exercises), because Gray Hat Hacking is very tough for a beginner.

In any case, the examples are not working because you have a different architecture. I am not sure, but maybe there are some virtual machines that can emulate a 32-bit OS on a 64-bit OS.

gnix
