Tue. Jun 18th, 2019

Ethical Hacking Playground

hacking is curiosity

Stack Based 0x3

Setting up the Debugger

We need to download PEDA (Python Exploitation Development Assistance), a GDB extension that makes exploiting binaries easier.

 

INSTALLATION:


git clone https://github.com/longld/peda.git ~/peda
echo "source ~/peda/peda.py" >> ~/.gdbinit
echo "DONE! debug your program with gdb and enjoy"

Stack Overflow

Create a file called vuln2.c and copy this source code into it

CODE:


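#include <string.h>
#include <stdio.h>
#include <stdlib.h>     /* system() */

/* Never called by the program itself */
void shell() {
        system("/bin/sh");
}

/* Deliberately vulnerable: strcpy() does not check that arg fits in buff */
void vuln(char *arg) {
        char buff[100];
        strcpy(buff, arg);
}

int main(int argc, char **argv) {
        if (argc < 2) {         /* argv[1] is NULL without an argument */
                printf("usage: %s <string>\n", argv[0]);
                return 1;
        }
        printf("\n%s\n", argv[1]);
        vuln(argv[1]);
        return 0;
}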

Make sure to disable ASLR (run as root):

echo 0 > /proc/sys/kernel/randomize_va_space

COMPILE:

gcc -z execstack vuln2.c -o vuln2

EXPLOIT:

Okay, so in this one we have a function called shell() in the code which is not being called anywhere. We want to control EIP: disassemble the shell function, get the memory address at the start of shell(), and craft our exploit so that we call shell().
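For comparison, a bounded version of vuln() that rejects input that does not fit in the 100-byte buffer instead of overflowing it. This is an added example, not code from the original post; the names vuln_fixed and BUFF_SIZE are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define BUFF_SIZE 100   /* hypothetical name; same size as buff[] in vuln2.c */

/*
 * Hypothetical replacement for vuln(): copies arg into the fixed buffer only
 * if it fits, terminating NUL included. Returns the number of bytes copied
 * (NUL excluded), or -1 if the input is missing or too long.
 */
int vuln_fixed(const char *arg) {
        char buff[BUFF_SIZE];
        const char *end;
        size_t len;

        if (arg == NULL)
                return -1;

        /* Look for the NUL within the first BUFF_SIZE bytes only */
        end = memchr(arg, '\0', sizeof(buff));
        if (end == NULL)
                return -1;              /* would overflow: reject, do not truncate */

        len = (size_t)(end - arg);
        memcpy(buff, arg, len + 1);     /* len + 1 <= sizeof(buff) */
        return (int)len;
}

int main(int argc, char **argv) {
        if (argc < 2) {
                fprintf(stderr, "usage: %s <string>\n", argv[0]);
                return 1;
        }
        if (vuln_fixed(argv[1]) < 0) {
                fprintf(stderr, "input rejected: longer than %d bytes\n", BUFF_SIZE - 1);
                return 1;
        }
        printf("\n%s\n", argv[1]);
        return 0;
}
```

Built without -z execstack and with ASLR left enabled, this version also keeps the platform mitigations that the steps above switch off.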

 

 
