1 Experiment Description
A buffer overflow is a situation in which a program attempts to write data beyond the boundary of a pre-allocated, fixed-length buffer, which can be
A malicious user can use it to change the control flow of a program or even execute arbitrary fragments of code. When this vulnerability is triggered, the overflow overwrites the return address, because the buffer and the saved return address sit next to each other on the stack.
2 Experiment Preparation
Practice 1:
3.1 Initial setup
3.2 Shellcode
In general, a buffer overflow causes a program to crash, because the overflowing data overwrites the return address. If the data that overwrites the return address is itself another address, the program jumps to that address; and if that address points to a carefully designed piece of code that performs some other function, that code is called shellcode.
Observe the following code:
#include <stdio.h>
#include <unistd.h>   /* execve() */

int main(void) {
    char *name[2];
    name[0] = "/bin/sh";   /* program to run */
    name[1] = NULL;        /* argv must be NULL-terminated */
    execve(name[0], name, NULL);
    return 0;
}
The shellcode of this experiment is the compiled (machine-code) version of the code above, written as a C string:
"\x31\xc0" "\x50" "\x68" "//sh" "\x68" "/bin" "\x89\xe3" "\x50" "\x53" "\x89\xe1" "\x99" "\xb0\x0b" "\xcd\x80"
3.3 Vulnerability Procedures
The GCC compiler has a stack protection mechanism that guards against buffer overflows, so when compiling the code we need to pass -fno-stack-protector to turn it off. The -z execstack option is used to make the stack executable.
Note: this is done under the /tmp directory.
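The following is an added example (my own code, not part of the lab report or of the SEED lab files) that models, inside a single struct, what the description in section 1 and the stack-protector paragraph above are about: a fixed buffer with a guard value and the return address laid out after it. It shows how an unchecked copy walks over the guard and replaces the return address, how a canary check like the one gcc's -fstack-protector compiles in notices the overwrite, and how a bounded copy refuses the oversized input in the first place. The frame layout, the canary constant, the filler byte and the two address values are all constructed for the demo; every write stays within the struct, so the program is well-defined C and safe to run.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE     8
#define CANARY_VALUE 0xDEADBEEFu  /* constructed; gcc uses a random guard per process */
#define REAL_RET     0x08048000u  /* constructed stand-in for the saved return address */
#define FAKE_RET     0x12345678u  /* constructed value an attacker would like to plant */

/* Constructed stand-in for a stack frame. The order mirrors the report's
 * description: the buffer first, the protector's guard, then the saved
 * return address that an overflow is trying to reach. */
struct frame {
    char     buf[BUF_SIZE];
    uint32_t canary;
    uint32_t ret_addr;
};

static void frame_init(struct frame *f, uint32_t ret_addr) {
    memset(f->buf, 0, sizeof f->buf);
    f->canary = CANARY_VALUE;
    f->ret_addr = ret_addr;
}

/* Unchecked copy: trusts the caller's length, like strcpy() into buf does.
 * The clamp to sizeof(*f) only keeps the demo inside the struct; a real
 * strcpy() would keep writing past the frame. */
void copy_unchecked(struct frame *f, const unsigned char *data, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, data, len);
}

/* Hardened copy: refuses anything that does not fit in buf with its NUL. */
int copy_checked(struct frame *f, const unsigned char *data, size_t len) {
    if (len >= sizeof f->buf) return -1;   /* would overflow: reject */
    memcpy(f->buf, data, len);
    f->buf[len] = '\0';
    return 0;
}

/* The decision -fstack-protector makes before returning: 1 if the guard changed. */
int canary_smashed(const struct frame *f) {
    return f->canary != CANARY_VALUE;
}

/* Constructed input: `fill` filler bytes followed by a 4-byte address in host
 * byte order. Returns the payload length, or 0 if it would not fit in out. */
size_t build_payload(unsigned char *out, size_t cap, size_t fill, uint32_t addr) {
    if (fill + sizeof addr > cap) return 0;
    memset(out, 'A', fill);
    memcpy(out + fill, &addr, sizeof addr);
    return fill + sizeof addr;
}

/* Runs one scenario and reports what happened as a bit mask:
 * bit 0 = canary smashed, bit 1 = return address replaced, bit 2 = input refused. */
int scenario(int use_checked, size_t fill) {
    struct frame f;
    unsigned char payload[sizeof(struct frame)];
    size_t n = build_payload(payload, sizeof payload, fill, FAKE_RET);
    int code = 0;

    frame_init(&f, REAL_RET);
    if (use_checked) {
        if (copy_checked(&f, payload, n) != 0) code |= 4;
    } else {
        copy_unchecked(&f, payload, n);
    }
    if (canary_smashed(&f))    code |= 1;
    if (f.ret_addr == FAKE_RET) code |= 2;
    return code;
}

int main(void) {
    /* fill = 3: fits in buf, both copies accept it and nothing is touched   */
    /* fill = 8: fills buf exactly, the address lands on the canary           */
    /* fill = 12: fills buf and canary, the address lands on ret_addr         */
    size_t fills[] = {3, 8, 12};
    for (size_t i = 0; i < 3; i++) {
        printf("fill=%2zu  unchecked=%d  checked=%d\n",
               fills[i], scenario(0, fills[i]), scenario(1, fills[i]));
    }
    return 0;
}
```

With the unchecked copy, a 12-byte filler puts the planted address exactly on ret_addr (code 3: guard smashed and return address replaced), which is the situation the report's experiment relies on; the canary check reports it before the function would return. The bounded copy returns code 4 for the same input, so the frame is never disturbed, and only the 3-byte input is accepted by both.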
3.4 Attack Program
The program needs to be traced with GDB.
Create an exploit.c file.
The following address is obtained:
3.5 Attack results
The attack succeeded and root privileges were obtained.
Practice 2:
Run the command "sudo sysctl -w kernel.randomize_va_space=2" to turn on the system's address space randomization, then run the exploit program again to attack the stack and see whether the attack still succeeds and root privileges can be obtained.
Root privileges were not obtained.
Practice 3:
Re-point /bin/sh to /bin/bash (or /bin/dash) and see whether the attack succeeds and whether root privileges can be obtained.
Root privileges were not obtained.
3 Experimental Experience
In this experiment, Ubuntu and some other Linux systems use address space layout randomization to randomize the starting addresses of the heap and the stack, which makes it difficult to guess the exact memory address, and guessing the memory address is the key to a buffer overflow attack. In addition, even if you can trick a set-uid program into invoking a shell, you cannot keep root privileges in that shell; this protection is implemented in /bin/bash. I learned a lot, and I hope to keep working hard!
The above is the Buffer Overflow Vulnerability experiment. 20125114