Learning purpose, to understand:
- Assembly Language Megaprimer
- The concept behind buffer overflows
- Basic ASM and C/C++
- Basic terms used in exploit writing
- GDB (just the basic stuff)
- Exploiting techniques
Today I learned about a basic Linux exploit using BackTrack, with the target running on BackTrack as well. This means learning about the exploit attack for the BackTrack kernel, or the Linux kernel. The first step is to turn off ASLR (value = 0), like this.
[Image: Turn OFF ASLR]
Next, write the vulnerable code in C; I named it vulnerable_1.
[Image: C language]
Compile the vulnerable code to build it.
[Image: Build and compile]
In another terminal, run gdb.
[Image: Running gdb]
Let's make the fuzzer and run it... see the EIP being overwritten.
[Image: Overwrite]
You can see more info with a command like this.
[Image: Info register and Segmentation fault]
Why is this happening?
Well, gcc 3.x and 4.x by default compile code using a protection technique called "stack-smashing protection" (it's available by default in all Linux distributions by now, I think). This protection technique is used to detect a stack buffer overflow before any malicious code is executed. It works using randomness.
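As an added example (not the author's vulnerable_1, whose source is only visible in the screenshot), here is the unbounded strcpy() pattern such programs use, beside a bounded copy that refuses oversized input instead of overwriting the saved return address; BUF_SIZE and the function names are my own choices.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* assumed buffer size for the example */

/* Vulnerable pattern: strcpy() does not know how large buf is, so an
 * argument longer than BUF_SIZE runs past the buffer into the saved
 * frame pointer and return address (the EIP overwrite seen in gdb).
 * Built with -fstack-protector, gcc puts a random canary between buf and
 * the return address and aborts with "*** stack smashing detected ***"
 * before the corrupted address is ever used. Call only with short input. */
size_t unsafe_copy(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);                 /* no bounds check */
    return strlen(buf);
}

/* Hardened form: reject input that does not fit (including the NUL),
 * and never write past out_size. Returns 0 on success, -1 if too long. */
int safe_copy(const char *input, char *out, size_t out_size)
{
    size_t len = strlen(input);
    if (out_size == 0 || len >= out_size)
        return -1;                      /* would overflow: refuse it */
    memcpy(out, input, len + 1);        /* copies the terminator too */
    return 0;
}

/* Returns 1 if input fits a BUF_SIZE stack buffer, 0 if it was rejected. */
int check_input(const char *input)
{
    char buf[BUF_SIZE];
    return safe_copy(input, buf, sizeof buf) == 0;
}

/* Constructed test input: n bytes of 'A', like a fuzzer payload. */
int accepts_length(size_t n)
{
    char input[512];
    if (n >= sizeof input)
        return 0;
    memset(input, 'A', n);
    input[n] = '\0';
    return check_input(input);
}

int main(int argc, char **argv)
{
    const char *arg = argc > 1 ? argv[1] : "";
    printf("%s\n", check_input(arg) ? "accepted" : "rejected: too long");
    return 0;
}
```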
With the list command you can see the application's stack.
[Image: List]
The ESP register is 0xbffff16c; subtracting 200 from it, we get
From the address in that result, as in the picture above, we know the address to use to overwrite EIP. Now we use a shellcode generator written in C for the exploit.
[Image: Shellcode generator]
Running the shellcode generator.
[Image: Generate shellcode with C]
After generating it, you must insert the shellcode into the fuzzer. The structure is like this:
“\x90” * 323 + sc (45 bytes) + ESP address * 35
Let's run it...
[Image: Running the fuzzer]
Run again