
Problem carrying out a simple buffer overflow

mendicant
Joined: 16 Oct 2009
Posted: Fri Oct 16, 2009 8:19 pm    Post subject: Problem carrying out a simple buffer overflow

Hi,
I would like to start learning about the nuts and bolts concerning Linux security. I bought the "Gray Hat Hacking" book by Harris et al. and started working at their example for buffer overflows but hit a bump immediately. Is this the right place to be discussing this sort of thing? If so I give pertinent info below:

Program:
//overflow.c
#include <string.h>

int main(void){ /* explicit return type; old-style implicit-int main() is rejected by current compilers */
char str1[10]; //declare a 10 byte string
//next, copy 35 bytes of "A" to str1 (deliberate overflow of the 10 byte buffer)
strcpy (str1, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
return 0;
}

gcc -ggdb -o overflow overflow.c
./overflow
resulted in the expected segmentation fault.

gdb -q overflow --> run
resulted in:
Starting program: /tmp/overflow
Program received signal SIGSEGV, Segmentation fault.
0x000000000040048f in main () at overflow.c:7
7 }

I was expecting something like 0x41414141 instead, i.e. the hex for ASCII 'A' is 0x41.
Also (gdb) info reg eip
resulted in:
Invalid register `eip'

The book suggested the following to disable Fedora's Address Space Layout Randomization:
echo "0" > /proc/sys/kernel/randomize_va_space
echo "0" > /proc/sys/kernel/exec-shield
echo "0" > /proc/sys/kernel/exec-shield-randomize
The first two commands executed but the last resulted in:
bash: /proc/sys/kernel/exec-shield-randomize: No such file or directory

Can anyone help me to understand what is going on?
Many thanks in advance,
M.

peann
Joined: 15 Feb 2010
Location: Ireland
Posted: Tue Feb 23, 2010 12:33 am

Are you using a 64-bit architecture by any chance? If so, IIRC, you are looking for the RIP instruction pointer, as opposed to EIP.

gnix
Joined: 11 Dec 2009
Posted: Mon Apr 05, 2010 7:54 am
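The mechanism behind peann's answer, worked through as an added example (this is my code, not from the book or from either poster). On x86-64 the saved return address is 8 bytes wide, so a run of 'A's lands as 0x4141414141414141 rather than 0x41414141. That value is not a canonical address under 48-bit virtual addressing (bits 63..47 must all equal bit 47), so the `ret` at the end of main faults before RIP is updated, and gdb reports the crash at the `ret` itself, the `}` on line 7, instead of at an address full of 0x41. On a 32-bit build every 32-bit pattern is a valid address encoding, the jump happens, and EIP reads 0x41414141 as the book shows. The register name changes with the architecture too: `info registers rip`, or the architecture-neutral `info registers pc` / `p/x $pc`, where `info reg eip` fails on a 64-bit target. The block also interprets the contents of /proc/sys/kernel/randomize_va_space; the sample contents passed to it are constructed, and the assumption that the gdb output in the first post arises from exactly this non-canonical-address path is mine.

```c
#include <ctype.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Value that a run of `fill` bytes produces when it overwrites a
 * little-endian saved return address `width` bytes wide
 * (4 on i386, 8 on x86-64). */
uint64_t overwritten_return_address(unsigned width, unsigned char fill)
{
    uint64_t v = 0;
    for (unsigned i = 0; i < width && i < 8; i++)
        v |= (uint64_t)fill << (8 * i);
    return v;
}

/* x86-64 with 4-level paging (assumed here) uses 48-bit virtual
 * addresses: bits 63..47 must all be copies of bit 47. A `ret` that pops
 * a non-canonical address raises a general-protection fault before RIP
 * changes, which the kernel delivers as SIGSEGV with RIP still pointing
 * at the `ret`. */
int is_canonical_x86_64(uint64_t addr)
{
    uint64_t upper = addr >> 47;   /* the 17 bits 63..47 */
    return upper == 0 || upper == 0x1FFFF;
}

/* On i386 any 32-bit value is a well-formed address; the jump to
 * 0x41414141 is taken and only then faults, so EIP shows the pattern. */
int is_canonical_i386(uint64_t addr)
{
    return addr <= 0xFFFFFFFFu;
}

/* Interpret the contents of /proc/sys/kernel/randomize_va_space.
 * 0 disables ASLR, 1 randomizes stack/mmap/vDSO, 2 additionally
 * randomizes the heap (brk). Anything else is reported as unknown. */
const char *describe_randomize_va_space(const char *contents)
{
    if (contents == NULL || !isdigit((unsigned char)contents[0]))
        return "unknown setting";
    switch (strtol(contents, NULL, 10)) {
    case 0:  return "ASLR disabled";
    case 1:  return "stack, mmap and vDSO randomized";
    case 2:  return "stack, mmap, vDSO and heap (brk) randomized";
    default: return "unknown setting";
    }
}

int main(void)
{
    uint64_t a32 = overwritten_return_address(4, 'A');
    uint64_t a64 = overwritten_return_address(8, 'A');
    uint64_t ret_in_main = 0x000000000040048fULL;  /* address from the gdb output in the post */

    printf("i386   overwrite: 0x%" PRIx64 "  valid address: %d\n",
           a32, is_canonical_i386(a32));
    printf("x86-64 overwrite: 0x%" PRIx64 "  canonical: %d\n",
           a64, is_canonical_x86_64(a64));
    printf("x86-64 fault site: 0x%" PRIx64 "  canonical: %d\n",
           ret_in_main, is_canonical_x86_64(ret_in_main));

    /* Constructed sample sysctl contents, as `cat` would print them. */
    const char *samples[] = { "0\n", "1\n", "2\n", "\n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("randomize_va_space=%.*s -> %s\n",
               (int)strcspn(samples[i], "\n"), samples[i],
               describe_randomize_va_space(samples[i]));
    return 0;
}
```

If the goal is just to follow the book's 32-bit walkthrough on a 64-bit host, building the sample with `gcc -m32` (where the 32-bit multilib is installed) gives a binary whose saved return address is 4 bytes wide, and the EIP-based commands then apply as printed.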

Hello mendicant,

Personally, I suggest you consider an easier book like The Art of Exploitation (sold with a practice live distro for the exercises), because Gray Hat Hacking is very tough for a beginner.

In any case, the examples are not working because you have a different architecture. I am not sure, but maybe there are some virtual machines that can emulate a 32-bit OS on a 64-bit OS.

gnix