Simple ASLR/NX bypass on a Linux 32 bit binary

Decoder's Blog

In this article we will try to bypass two common mitigations: ASLR (Address Space Layout Randomization) and NX (the non-execute bit).

So we have this 32-bit binary, “overflow”, with no source code and the root setuid bit set!

$ ls -al overflow 

-rwsr-sr-x 1 root root 7377 Jun 15 21:17 overflow

All we know is that it takes a string as an argument, so let’s see whether it is vulnerable to a buffer overflow.

$ ./overflow $(python -c 'print "A" *1000')
Segmentation fault

Good! A segmentation fault: we have a buffer overflow.

First of all, let’s examine the binary in order to understand what it really does 😉

Objdump can help us here; this is the part of the output of “objdump -d overflow” that covers the main() function:

0804847d <main>:
 804847d: 55                   push   %ebp
 804847e: 89 e5                mov    %esp,%ebp
 8048480: 83 e4 f0             and    $0xfffffff0,%esp
 8048483: 83 c4 80             add    $0xffffff80,%esp
 8048486: 83 7d…
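Before chasing the overflow, a practitioner would first check which mitigations the binary was actually built with. The following is an added example, not code from the original post: a small Python checker that reads the ELF header and program headers and reports bitness, PIE (whether ASLR can relocate the binary itself, which a fixed main address like 0x0804847d says it cannot), NX (from the PT_GNU_STACK flags) and RELRO, the same facts a checksec tool prints. The two sample images it ships with are constructed inside the block.

```python
import struct

# ELF constants from the ELF and GNU ABI specifications
ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X = 0x1

def elf_mitigations(data: bytes) -> dict:
    """Report bitness, PIE, NX and RELRO from the ELF header and program headers."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    bits = 32 if data[4] == 1 else 64          # EI_CLASS
    en = "<" if data[5] == 1 else ">"          # EI_DATA
    e_type, = struct.unpack_from(en + "H", data, 16)
    if bits == 32:
        e_phoff, = struct.unpack_from(en + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(en + "HH", data, 42)
    else:
        e_phoff, = struct.unpack_from(en + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(en + "HH", data, 54)
    # No PT_GNU_STACK at all means the loader falls back to the arch default,
    # which on 32-bit x86 is an executable stack, so treat that as NX off.
    nx, relro = False, False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from(en + "I", data, off)
        p_flags, = struct.unpack_from(en + "I", data, off + (24 if bits == 32 else 4))
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            relro = True
    # ET_EXEC is mapped at its fixed link address (main at 0x0804847d above):
    # ASLR then only moves stack, heap and shared libraries, not the binary.
    return {"bits": bits, "pie": e_type == ET_DYN, "nx": nx, "relro": relro}

def build_elf32(e_type: int, phdrs) -> bytes:
    """Constructed minimal little-endian ELF32 image: header plus the given
    (p_type, p_flags) program headers and no code, only to exercise the parser."""
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", e_type, 3, 1, 0x8048000,
                               52, 0, 0, 52, 32, len(phdrs), 40, 0, 0)
    body = b"".join(struct.pack("<IIIIIIII", t, 0, 0, 0, 0, 0, f, 16)
                    for t, f in phdrs)
    return ehdr + body

# Constructed samples: a classic non-PIE i386 binary with an RWX stack, and a
# hardened PIE build with a non-executable stack and a RELRO segment.
WEAK = build_elf32(ET_EXEC, [(PT_GNU_STACK, 0x7)])
HARDENED = build_elf32(ET_DYN, [(PT_GNU_STACK, 0x6), (PT_GNU_RELRO, 0x4)])
```

For a real file, pass `open(path, "rb").read()` to `elf_mitigations`; pairing the result with `ls -l` (the setuid bit) tells you how much a crash like the one above is worth worrying about.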

View original post (845 more words)