A buffer overflow is a scenario in which a program attempts to write to a buffer beyond the pre-allocated fixed-length data. This vulnerability could be exploited by malicious users to alter the flow control of a program, or even execute arbitrary fragments of code. This vulnerability occurs because of a temporary shutdown of the data buffer and the return address, which causes the return address to be rewritten.
Ii. concrete steps of the experiment
1. Preparatory work
Install a package that can be used to compile a 32-bit C language program in a 64-bit Linux environment in the lab building
2, close the Linux system related address protection system
In Ubuntu and some other Linux systems, using address space randomization to the initial address of random heap (heap) and stack (stack) makes it difficult to guess the address.
sudo sysctl -w kernel.randomize_va_space=0
Many shell programs automatically give up privileges when they are called, so it is difficult to maintain a root privilege. This step does not fully understand the process during the experiment, so let's put it aside for a while.
Then enter the Linux32-bit environment.
3. Compiling the vulnerability program
Enter the/tmp directory to create a new stack file, compile and set Set-uid
Set-uid gives a way for a normal user to temporarily use Superuser privileges.
The GCC compiler has a stack protection mechanism to prevent buffer overflows, so we need to use –fno-stack-protector to close this mechanism when compiling the code. The-Z execstack is used to allow execution of the stack.
4. Compile the attack program
Create a new exploit.c file in the/tmp directory, in order to save time, the experimental building directly gave us a link to a code file.
wget http://labfile.oss.aliyuncs.com/courses/231/exploit.c
5, modify the memory address, to cover
exploit.c file, \x?? \x?? \x?? \x?? Need to add shellcode to the memory of the address, where overflow occurs just to overwrite the return address. strcpy (Buffer+100,shellcode); This sentence again tells us that the shellcode is saved in buffer + 100 position. So we get Shellcode's address through GDB debugging. Modified the exploit.c file to compile.
6. Running the program
After the address protection mechanism has been modified, the run is unsuccessful and the segment error is displayed.
Experimental Harvest
Feel according to the steps of the experiment step by step, really can get the corresponding results, but the whole experiment is a walk a process, or do not understand the relevant memory overflow of the specific process, as well as the relevant attack ideas, their level or not standards, there is a long way to go, The knowledge points of the stack frames mentioned by the teacher in class need to be understood.
2018-2019-1 20165320 "The foundation of Information security system Design" buffer Overflow vulnerability experiment
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
