Hi guys... Today we will be learning about exploit writing.
Before we move further, I am assuming a few things:
1) You understand the basic concept of buffer overflows
2) You have basic C/C++ and ASM knowledge
3) You have basic knowledge of GDB
4) You know the basic exploitation techniques
If you don't know about any of the above, please learn them and come back.
First of all, let me write a small C program:
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv)   /* argv is char **, not char **argv[] */
{
    char buff[500];
    if (argc < 2)                  /* we need one argument to copy */
        return 1;
    strcpy(buff, argv[1]);         /* no length check: this is the overflow we want to study */
    return 0;
}
Let's see what happens if you compile the above program and load it in the debugger.
What is happening, and why is it happening?
Well, gcc 3.x and gcc 4.x by default use a protection technique called "stack smashing protection" (SSP), which detects a stack buffer overflow before any malicious code is executed.
Stack Smashing Protection
SSP places a randomly chosen integer in memory just before the saved return pointer on the stack. Normally, buffer overflows overwrite memory addresses from low to high, so an overflow has to overwrite this small integer before it can reach the return pointer. SSP simply checks whether that integer was changed before the return pointer on the stack is used.
How to bypass SSP?
We can bypass SSP by adding the "-fno-stack-protector" flag to gcc when compiling.
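To see what that check actually does, here is an added example (a constructed model, not the tutorial's own code) that lays out a frame with a guard word between the buffer and the saved return pointer and runs the same unbounded low-to-high copy against it. CANARY_VALUE and RET_SENTINEL are made-up stand-ins for the random guard and the real return address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed model of a frame as SSP lays it out: buffer lowest, guard
 * (canary) directly above it, saved return address above that. uint64_t
 * fields fix the offsets on any target: buff 0-15, canary 16-23, ret 24-31. */
typedef struct {
    char     buff[16];   /* the vulnerable local buffer */
    uint64_t canary;     /* guard SSP places between buffer and return address */
    uint64_t saved_ret;  /* stands in for the saved return pointer */
} frame_t;

/* Stand-ins: real SSP draws the guard at random when the process starts. */
#define CANARY_VALUE 0xA5C3E1F79B2D4E60ull
#define RET_SENTINEL 0x0000000000401136ull   /* constructed return address */
typedef struct {
    int canary_intact;   /* 1 if the epilogue guard check would pass */
    int ret_intact;      /* 1 if the saved return address is unchanged */
} ssp_result;

/* Copies `input` with the no-bounds pattern of the tutorial's strcpy, then
 * runs the check SSP emits before return. Writing through unsigned char* lets
 * the copy run past buff into the neighbouring fields like a real overflow;
 * it is clamped to sizeof(frame_t) only so the model cannot hurt its caller. */
ssp_result ssp_copy_and_check(const char *input)
{
    frame_t f;
    unsigned char *raw = (unsigned char *)&f;
    size_t n = strlen(input) + 1;            /* strcpy copies the NUL too */

    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;
    f.saved_ret = RET_SENTINEL;
    if (n > sizeof f) n = sizeof f;
    for (size_t i = 0; i < n; i++)           /* low -> high, like strcpy */
        raw[i] = (unsigned char)input[i];

    /* Real SSP aborts here ("*** stack smashing detected ***") on mismatch,
     * so a corrupted return address is never used. */
    ssp_result r = { f.canary == CANARY_VALUE, f.saved_ret == RET_SENTINEL };
    return r;
}

int main(void)
{
    ssp_result r = ssp_copy_and_check("AAAAAAAAAAAAAAAAAAAA"); /* 20 bytes: past buff */
    printf("canary %s, saved return %s\n", r.canary_intact ? "intact" : "clobbered",
           r.ret_intact ? "intact" : "overwritten");
    return 0;
}
```

The -fno-stack-protector flag removes this guard only from binaries you compile yourself; it does nothing against a program that was built with the protector on.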
We will discuss this further in the next tutorial... Thank you.
3 comments:
For this small article, do we need to learn all that bloody stuff, buddy? Please improve the writing. Anyway, the content is good.
I think you didn't read the article completely.
I said that the article is not yet complete and I will continue in my next post...
Please comment after reading the article...
Pretty cool introduction! :)
Best wishes for your articles.