Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - monod

Pages: [1]
1
Tutorials / Re: Easy intro to (local) exploitation
« on: February 04, 2014, 11:41:30 am »
Quote from: b0whunter on February 04, 2014, 04:42:40 am
The example was done on a 32-bit intel architecture and you are on a 64-bit version. eip is rip on 64-bit.


Also prior to attempting the example, issue the following command:
"echo 0 > /proc/sys/kernel/randomize_va_space"


Compile the vulnerable program with these flag also:
" gcc -fno-stack-protector -z execstack"


If you would rather follow the example like it is (in 32-bit environment) use this option also when compiling the vulnerable program :
"gcc -m32"
I think the more logical way to circumvent this difference, for this tutorial, would be to 'gcc -m32' :D
Since..this
echo 0 > /proc/sys/kernel/randomize_va_space
sounds like a setting being set for this specific example file
and
gcc -fno-stack-protector -z execstack
hmm... sounds too easy to just disable the stack-protector :D


By the way, from this example it seems to me that 64bit programs do have a stack protector while 32bit ones do not? This sounds weird, so I ask you. I sorta intend to know what's happening, in addition to learn commands.
Thanks!

2
Tutorials / Re: Easy intro to (local) exploitation
« on: February 04, 2014, 01:31:02 am »
hey all.
I'm trying this tutorial to get my hands into some practice, after some long, long time.
I've noticed that I can't get my 'rip' register overwritten ('cause it's called like that by gdb, is it a difference in architecture maybe?). How can I explain to you what I do get?
I just type more A's until I get SIGSEGV and... 'rip' points to <return_input+33>
After one 'disas return_input' I discovered that return_input+33 is... 'retq', the end of the function.
What's going on in my computer? :)
Thanks.

Pages: [1]