Autor
Estaba siguiendo el tutorial http://www.infosecwriters.com/text_resources/pdf/return-to-libc.pdf para bypassear el HW DEP mediante el método ret2libc.
Éste es el código a explotar:
Código
El caso es que según pone en el tutorial, con 32 Aes sobreescribiríamos completamente el RET ADDRESS, pero en el tutorial, el autor hace uso de un sistema de 32 bits, y yo estoy usando la última versión de Kali, de 64 bits.
Con 30 Aes, me faltan 2 Aes para sobreescribir todo el RET ADDRESS, pero con o más de 31 Aes, siempre muestra 0x0000000000400655. ¿Qué pasa?
Citar
root@Kali:~/Desktop/Exploits# ulimit -c unlimited
root@Kali:~/Desktop/Exploits# gcc -ggdb retlib.c -o retlib
root@Kali:~/Desktop/Exploits# ./retlib `perl -e 'print "A"x30'`
Exploiting via returning into libc function
You typed [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA]
Violación de segmento (`core' generado)
root@Kali:~/Desktop/Exploits# gdb -q -c ./core
[New LWP 19019]
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff7adfe000
Core was generated by `./retlib AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.
Program terminated with signal 11, Segmentation fault.
#0 0x0000414141414141 in ?? ()
(gdb) q
root@Kali:~/Desktop/Exploits# ./retlib `perl -e 'print "A"x31'`
Exploiting via returning into libc function
You typed [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA]
Violación de segmento (`core' generado)
root@Kali:~/Desktop/Exploits# gdb -q -c ./core
[New LWP 19023]
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff5fffe000
Core was generated by `./retlib AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.
Program terminated with signal 11, Segmentation fault.
#0 0x0000000000400655 in ?? ()
(gdb) q
root@Kali:~/Desktop/Exploits# gcc -ggdb retlib.c -o retlib
root@Kali:~/Desktop/Exploits# ./retlib `perl -e 'print "A"x30'`
Exploiting via returning into libc function
You typed [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA]
Violación de segmento (`core' generado)
root@Kali:~/Desktop/Exploits# gdb -q -c ./core
[New LWP 19019]
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff7adfe000
Core was generated by `./retlib AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.
Program terminated with signal 11, Segmentation fault.
#0 0x0000414141414141 in ?? ()
(gdb) q
root@Kali:~/Desktop/Exploits# ./retlib `perl -e 'print "A"x31'`
Exploiting via returning into libc function
You typed [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA]
Violación de segmento (`core' generado)
root@Kali:~/Desktop/Exploits# gdb -q -c ./core
[New LWP 19023]
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff5fffe000
Core was generated by `./retlib AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.
Program terminated with signal 11, Segmentation fault.
#0 0x0000000000400655 in ?? ()
(gdb) q
Muchas gracias
En línea
