In this article we will try to bypass ASLR (Address Space Layout Randomization) and NX (the non-execute bit, which marks the stack as non-executable).
So we have this 32-bit binary “overflow”, with no source code and with the root setuid bit set!
$ ls -al overflow
-rwsr-sr-x 1 root root 7377 Jun 15 21:17 overflow
All we know is that it takes a string as its argument, so let’s see whether it is vulnerable to a buffer overflow.
$ ./overflow $(python -c 'print "A" *1000')
Segmentation fault
Good! We got a buffer overflow.
First of all let’s examine the binary in order to understand what it really does 😉
Objdump can help us here; this is the part of the output of “objdump -d overflow” that covers the main() function:
0804847d <main>:
 804847d:       55                      push   %ebp
 804847e:       89 e5                   mov    %esp,%ebp
 8048480:       83 e4 f0                and    $0xfffffff0,%esp
 8048483:       83 c4 80                add    $0xffffff80,%esp
 8048486:       83 7d…
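Before spending time on the disassembly, a practitioner (whether triaging a setuid root binary found on a host or auditing a build) would first confirm which of the mitigations mentioned above the executable actually carries: NX is recorded in the ELF PT_GNU_STACK program header, and ASLR only covers the executable's own image if it was linked as a PIE (e_type ET_DYN); the setuid-root status comes from the file mode and owner. The following checker is an added example written for this article, not code from the original post; it parses 32- and 64-bit little-endian ELF headers directly with the standard library, and the two sample images it tests against are constructed in-line (they are not loadable programs and are not the article's “overflow” binary).

```python
import os
import stat
import struct
import sys

# ELF constants (from the System V ABI / Linux binutils)
ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4


def parse_elf(data):
    """Return ELF class, e_type and a list of (p_type, p_flags) for every program header."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    if ei_data != 1:
        raise ValueError("only little-endian ELF is handled here")  # assumption of this example
    if ei_class == 1:  # ELFCLASS32: 52-byte header, 32-byte program headers
        (e_type, _m, _v, _entry, e_phoff, _sh, _fl, _eh,
         e_phentsize, e_phnum) = struct.unpack_from("<HHIIIIIHHH", data, 16)
        phdr_fmt, type_idx, flags_idx = "<IIIIIIII", 0, 6
    elif ei_class == 2:  # ELFCLASS64: 64-byte header, 56-byte program headers
        (e_type, _m, _v, _entry, e_phoff, _sh, _fl, _eh,
         e_phentsize, e_phnum) = struct.unpack_from("<HHIQQQIHHH", data, 16)
        phdr_fmt, type_idx, flags_idx = "<IIQQQQQQ", 0, 1
    else:
        raise ValueError("unknown ELF class %d" % ei_class)
    phdrs = []
    for i in range(e_phnum):
        fields = struct.unpack_from(phdr_fmt, data, e_phoff + i * e_phentsize)
        phdrs.append((fields[type_idx], fields[flags_idx]))
    return {"class": 32 if ei_class == 1 else 64, "type": e_type, "phdrs": phdrs}


def check_mitigations(data):
    """Summarise NX / PIE / RELRO for an in-memory ELF image."""
    info = parse_elf(data)
    gnu_stack = [flags for ptype, flags in info["phdrs"] if ptype == PT_GNU_STACK]
    # A missing PT_GNU_STACK is treated conservatively as "NX not proven": older
    # i386 kernels fall back to an executable stack in that case.
    nx = bool(gnu_stack) and not (gnu_stack[0] & PF_X)
    pie = info["type"] == ET_DYN          # for an executable, ET_DYN means PIE
    relro = any(ptype == PT_GNU_RELRO for ptype, _ in info["phdrs"])
    return {"bits": info["class"], "nx": nx, "pie": pie, "relro": relro}


def setuid_status(st_mode, st_uid):
    """Classify a file mode/owner pair: 'setuid-root', 'setuid' or 'none'."""
    if not st_mode & stat.S_ISUID:
        return "none"
    return "setuid-root" if st_uid == 0 else "setuid"


def audit(path):
    """Full report for a file on disk: setuid status plus ELF mitigations."""
    st = os.stat(path)
    with open(path, "rb") as f:
        report = check_mitigations(f.read())
    report["setuid"] = setuid_status(st.st_mode, st.st_uid)
    return report


def build_elf32(e_type, phdrs):
    """Construct a minimal, non-loadable ELF32 i386 image with the given program headers (test data only)."""
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8
    header = ident + struct.pack("<HHIIIIIHHHHHH", e_type, 3, 1, 0x8048000,
                                 52, 0, 0, 52, 32, len(phdrs), 40, 0, 0)
    body = b"".join(struct.pack("<IIIIIIII", ptype, 0, 0, 0, 0, 0, flags, 16)
                    for ptype, flags in phdrs)
    return header + body


# Constructed samples: a non-PIE binary with an RWX stack, and a PIE with NX and RELRO.
SAMPLE_WEAK = build_elf32(ET_EXEC, [(PT_GNU_STACK, PF_R | PF_W | PF_X)])
SAMPLE_HARDENED = build_elf32(ET_DYN, [(PT_GNU_STACK, PF_R | PF_W), (PT_GNU_RELRO, PF_R)])

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    print(audit(target) if target else {"weak": check_mitigations(SAMPLE_WEAK),
                                        "hardened": check_mitigations(SAMPLE_HARDENED)})
```

Run it as `python3 elfcheck.py ./overflow` to get the report for a real file. A result of `"nx": True` together with `"pie": False` is exactly the situation the rest of the article deals with: the stack cannot be executed, but the executable's own code and PLT sit at fixed addresses (the 0x0804xxxx range seen in the objdump above), which is what makes return-into-libc/ROP-style bypasses worth investigating, and why rebuilding such a binary with `-fPIE -pie -Wl,-z,relro,-z,now` closes most of that gap.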