Luigi Auriemma - aluigi.org (ARCHIVE-ONLY FORUM!)

[ 3 posts ]

gnix
Post subject: [C] An exploit that works only inside GDB
Posted: 03 Mar 2009 22:37
Joined: 02 Jan 2009 12:00 Posts: 3

Hi,
I am 100% sure that you will find this impossible, but I wrote an exploit that works only inside the debugger (GDB). How is this possible? The structure is almost standard. Using execle I forge the env array, putting the shellcode in an environment variable, and I write the address of the shellcode in the file that the target will read (using fscanf("%s", buffer)). I calculated the exact number of bytes needed to overwrite the return address, and I added 32 bytes more (to be sure :P). Now, if I try my exploit inside GDB, I get my shell. But if I run my exploit by entering "./a.out" at the shell prompt, it doesn't work. Do you have any idea that can help me find the reason?
Thanks, Gnix
PS: Sorry for my English..
gnix
Post subject: Re: [C] An exploit that works only inside GDB
Posted: 03 Mar 2009 23:15
Joined: 02 Jan 2009 12:00 Posts: 3

Well, I discovered the reason. It seems that the trick of using
ret = 0xbffffffa - (sizeof(shellcode)-1) - strlen("./prog");
doesn't work under OpenSuse 11.1. The ASLR changes my ret address, and this happens also if I use execle to create my own env array. At the moment, I really don't understand how it is possible to exploit something under Linux. The nop-sled technique is useless with ASLR, and also the use of execle (and of the magic address 0xffffffa) seems not to work anymore..
Which techniques are you using to bypass this obstacle?
Thanks, Gnix
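An added example (my code, not gnix's) that makes the cause described above visible: it reads the kernel's ASLR setting and compares the live address of an environment string against the 0xbffffffa-based formula from the post. Run it twice from the shell and once under GDB (which by default disables address randomisation for the program it debugs) to see why the computed address only holds inside the debugger; the MARKER variable name and the function names are my own choices.

```c
/* Added example, not code from the thread: shows why an address computed for a
 * string in the environment block is stable only while ASLR is off (as under GDB). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The formula from the post, generalised: on classic 32-bit Linux the stack ends
 * at 0xbffffffc with a 4-byte NUL, argv[0] sits just below it, and the last env
 * string just below that, so (assuming one env string) it starts at
 *   0xbffffffc - 1 - strlen(argv[0]) - 1 - strlen(env)  ==  0xbffffffa - ... */
uintptr_t predict_env_addr(uintptr_t base, size_t env_len, const char *argv0)
{
    return base - env_len - strlen(argv0);
}

/* Kernel ASLR policy: 0 = off, 1 = stack/mmap randomised, 2 = also brk.
 * Returns -1 when /proc/sys/kernel/randomize_va_space cannot be read. */
int read_randomize_va_space(void)
{
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    int value = -1;
    if (f == NULL)
        return -1;
    if (fscanf(f, "%d", &value) != 1)
        value = -1;
    fclose(f);
    return value;
}

/* Signed distance between where an env string really is and where the formula
 * put it; anything but 0 means a hard-coded return address would miss. */
intptr_t env_addr_error(const char *actual, uintptr_t predicted)
{
    return (intptr_t)((uintptr_t)actual - predicted);
}

int main(int argc, char **argv)
{
    const char *marker = getenv("MARKER");  /* MARKER is a name chosen for this demo */
    (void)argc;
    printf("randomize_va_space = %d\n", read_randomize_va_space());
    if (marker == NULL)
        return 1;
    uintptr_t p = predict_env_addr(0xbffffffaUL, strlen(marker), argv[0]);
    printf("MARKER at %p, formula gives %#lx, error %ld bytes\n",
           (const void *)marker, (unsigned long)p, (long)env_addr_error(marker, p));
    return 0;
}
```

Start it as `env -i MARKER=AAAA ./a.out` so the environment contains only the one string the formula assumes; with randomize_va_space nonzero the printed address changes on every run outside the debugger.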
aluigi
Post subject: Re: [C] An exploit that works only inside GDB
Posted: 04 Mar 2009 15:27
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org

sorry but that's not my field, so I don't know an exact answer