# Basic Stack Corruption.
A buffer overflow is a vulnerability in which contiguous memory next to a buffer is overwritten when more data is written into the buffer than it was allocated to hold. The vulnerability occurs because a string-processing function (e.g. strcpy) doesn't check the length of the input value.
The following program was used to demonstrate basic stack corruption on Ubuntu Linux 14.04.
The goal is to execute the vuln() function by exploiting the strcpy vulnerability.
Since this version of Ubuntu uses various memory protection techniques, we have compiled it with the following options:
```sh
gcc -fno-stack-protector -mpreferred-stack-boundary=2 -o bof bof.c
```
After compiling, we can inspect the binary using gdb as follows.
The attack, based on the above, is as follows.
Now use GDB to find the address of vuln(), which is needed to create the payload.
Now that we have the address of vuln(), we can complete the payload.
I overwrote buffer[30] and the SFP with the letter "A", and replaced the RET address with the address of vuln(). So, after the main function terminates, the vuln function is executed and a root-privileged shell is spawned.
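The root cause described at the top of this post is a copy that never checks the input length. As an added example (not the program from the original post), here is the unchecked strcpy pattern next to a length-checked copy that rejects oversized input. The names `copy_unchecked`, `copy_checked` and `BUF_SIZE` are hypothetical; the size is taken from the buffer[30] mentioned above.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 30  /* assumed: same size as the buffer[30] in the post */

/* Unchecked pattern: strcpy() copies until the NUL terminator in src,
 * regardless of how large dst is. Shown for contrast; never called here. */
void copy_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: locate the terminator within the first dst_size bytes and
 * refuse anything that does not fit, rather than silently truncating.
 * Returns 0 on success, -1 if the input was rejected. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    const char *nul;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    nul = memchr(src, '\0', dst_size);  /* never scans past dst_size bytes */
    if (nul == NULL) {                  /* no room for string plus NUL */
        dst[0] = '\0';                  /* leave dst as a valid empty string */
        return -1;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);  /* bytes plus terminator */
    return 0;
}

int main(int argc, char *argv[])
{
    char buffer[BUF_SIZE];

    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 2;
    }
    if (copy_checked(buffer, sizeof buffer, argv[1]) != 0) {
        fprintf(stderr, "input rejected: longer than %d bytes\n", BUF_SIZE - 1);
        return 1;
    }
    printf("copied: %s\n", buffer);
    return 0;
}
```

Building without `-fno-stack-protector` additionally keeps the compiler's stack canary in place as a second line of defence if an unchecked copy slips through.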