Monday, April 25, 2011

Exploit writing-1

Hi guys. Today we will be learning about exploit writing.

Before we move further, I am assuming a few things:

1) You understand the basic concept of buffer overflows
2) You have basic C/C++ and ASM knowledge
3) You have basic knowledge of GDB
4) You know basic exploitation techniques

If you don't know about any of the above, please learn them and come back.

First of all, let me write a small C program:

#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
    char buff[500];
    if (argc < 2)
        return 1;              /* we need one argument to copy */
    strcpy(buff, argv[1]);     /* no length check: an argument longer than 500 bytes overflows buff */
    return 0;
}

Let's see what happens if you compile the above program and load it in the debugger.


What is happening, and why?
Well, gcc 3.x and gcc 4.x by default use a protection technique called "stack smashing protection", which detects a stack buffer overflow before any malicious code is executed.

Stack Smashing protection 


SSP places a randomly chosen integer in memory just before the stack return pointer. Normally, buffer overflows overwrite memory addresses from low to high, so to reach the return pointer they must first overwrite the small integer placed just before it. SSP simply checks whether that integer was changed before the return pointer on the stack is used.
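To make the check concrete, here is an added example (not from the original post) that models an SSP-protected frame as a struct: the buffer at the low address, the canary right above it, and a stand-in for the saved return address above that. The frame layout, the canary value and the inputs are all constructed for illustration; in a real binary the compiler decides the layout and the runtime picks the canary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of an SSP-protected stack frame (layout chosen here,
 * not by a compiler): buffer lowest, canary directly above, return slot last. */
struct frame {
    char     buff[16];
    uint32_t canary;        /* SSP's "randomly chosen integer" */
    uint32_t saved_return;  /* stands in for the saved return address */
};

#define RETURN_MARKER 0xdeadbeefu

/* Emulate strcpy(buff, input) inside the frame, then do the epilogue check
 * SSP inserts. Returns 1 if the canary survived (normal return) and 0 if it
 * was smashed (SSP would abort with "stack smashing detected" instead). */
int ssp_copy_and_check(const char *input, uint32_t canary_value)
{
    struct frame f;
    f.canary = canary_value;
    f.saved_return = RETURN_MARKER;

    /* strcpy copies the NUL too and never looks at sizeof buff, so a long
     * input runs upward from buff into canary and saved_return. The copy is
     * clamped to the whole frame only to keep this model well-defined. */
    size_t n = strlen(input) + 1;
    if (n > sizeof f)
        n = sizeof f;
    memcpy((unsigned char *)&f, input, n);

    return f.canary == canary_value;
}

int main(void)
{
    const uint32_t canary = 0x7a3c5e91u;  /* constructed; real SSP picks it at startup */
    const char *inputs[] = {
        "hello",                      /* fits in buff */
        "AAAAAAAAAAAAAAA",            /* 15 bytes + NUL exactly fills buff */
        "AAAAAAAAAAAAAAAA",           /* 16 bytes: only the NUL lands on the canary */
        "AAAAAAAAAAAAAAAAAAAAAAAA",   /* 24 bytes: canary and return slot overwritten */
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-26s -> %s\n", inputs[i],
               ssp_copy_and_check(inputs[i], canary) ? "canary intact"
                                                      : "stack smashing detected");
    return 0;
}
```

Note the 16-byte case: a single terminating NUL landing on the canary is already enough to trip the check, which is why glibc deliberately keeps one zero byte in the real canary so that string functions cannot copy across it without changing it or stopping.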


How to bypass SSP?


We can bypass SSP by adding the "-fno-stack-protector" flag to gcc when compiling, which disables the protection in the resulting binary.


We will discuss this further in the next tutorial. Thank you.

3 comments:

Anonymous said...

For this small article, do we need to learn all that bloody stuff, buddy? Please improve the writing. Anyway, the content is good.

vamshikrishnamraju said...

I think you didn't read the article completely.

I said that the article is not yet complete and I will continue in my next post.

Please comment after reading the article.

Sankar Amarnath said...

Pretty cool introduction :)
Best wishes to your articles.
