overflow_example.c

root@toshiba:/home/tomovic/hack# gcc -o overflow_example overflow_example.c
root@toshiba:/home/tomovic/hack# ./overflow_example 1234567890
[BEFORE] buffer_two is at 0xbfc3eda4 and contains 'two'
[BEFORE] buffer_one is at 0xbfc3ed9c and contains 'one'
[BEFORE] value is at 0xbfc3ed98 and is 5 (0x00000005)

[STRCPY] copying 10 bytes into buffer_two

[AFTER] buffer_two is at 0xbfc3eda4 and contains '1234567890'
[AFTER] buffer_one is at 0xbfc3ed9c and contains 'one'
[AFTER] value is at 0xbfc3ed98 and is 5 (0x00000005)
*** stack smashing detected ***: ./overflow_example terminated
Abgebrochen (Speicherabzug geschrieben)

The result shows that gcc's default parameters and ASLR were left in place.

root@toshiba:/home/tomovic/hack# cat /proc/sys/kernel/randomize_va_space
2
root@toshiba:/home/tomovic/hack# echo 0 > /proc/sys/kernel/randomize_va_space
root@toshiba:/home/tomovic/hack# cat /proc/sys/kernel/randomize_va_space
0

0 means ASLR is switched off, so now you can get started.
 
root@toshiba:/home/tomovic/hack# gcc -fno-stack-protector -z execstack -o overflow_example overflow_example.c
root@toshiba:/home/tomovic/hack# ./overflow_example 1234567890
[BEFORE] buffer_two is at 0xbffff6fc and contains 'two'
[BEFORE] buffer_one is at 0xbffff704 and contains 'one'
[BEFORE] value is at 0xbffff70c and is 5 (0x00000005)

[STRCPY] copying 10 bytes into buffer_two

[AFTER] buffer_two is at 0xbffff6fc and contains '1234567890'
[AFTER] buffer_one is at 0xbffff704 and contains '90'
[AFTER] value is at 0xbffff70c and is 5 (0x00000005)
root@toshiba:/home/tomovic/hack#

The memory addresses differ from the ones in your book; that is normal. If you use a different Linux, the addresses may change yet again.
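Why buffer_one reads '90' in the second run, next to a bounds-checked copy that rejects the same input. This is an added example, not code from this page or from the book. The names frame_t, copy_unchecked and copy_checked are hypothetical, and the 8-byte buffer size is an assumption inferred from the printed addresses.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
/* Constructed model of the second run: offsets come from the printed addresses
   (0xbffff6fc, 0xbffff704, 0xbffff70c); the 8-byte buffer size is inferred
   from the 8-byte gaps (assumption). One spare byte stays 0 as a guard. */
enum { OFF_TWO = 0, OFF_ONE = 8, OFF_VALUE = 16, REGION = 20, BUF_SIZE = 8 };
typedef struct { unsigned char mem[REGION + 1]; } frame_t;
static void frame_init(frame_t *f) {
    int32_t value = 5;
    memset(f->mem, 0, sizeof f->mem);
    memcpy(f->mem + OFF_TWO, "two", 4);
    memcpy(f->mem + OFF_ONE, "one", 4);
    memcpy(f->mem + OFF_VALUE, &value, sizeof value);
}

/* strcpy() semantics: strlen(src)+1 bytes are written, BUF_SIZE is ignored.
   Clamped to REGION only so that the model itself stays in bounds. */
static size_t copy_unchecked(frame_t *f, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > REGION) n = REGION;
    memcpy(f->mem + OFF_TWO, src, n);
    return n;
}

/* Hardened form: reject input that does not fit, leave the frame untouched. */
static int copy_checked(frame_t *f, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > BUF_SIZE) return -1;
    memcpy(f->mem + OFF_TWO, src, n);
    return 0;
}
static const char *buffer_one(const frame_t *f) { return (const char *)f->mem + OFF_ONE; }
static int32_t value_of(const frame_t *f) {
    int32_t v;
    memcpy(&v, f->mem + OFF_VALUE, sizeof v);
    return v;
}

int main(void) {
    frame_t f;
    frame_init(&f);
    copy_unchecked(&f, "1234567890");
    printf("unchecked: buffer_one='%s' value=%d\n", buffer_one(&f), (int)value_of(&f));
    frame_init(&f);
    int rc = copy_checked(&f, "1234567890");
    printf("checked: rc=%d buffer_one='%s'\n", rc, buffer_one(&f));
    return 0;
}
```

The 10 characters plus the terminating NUL are 11 bytes: 8 fill buffer_two, and the remaining "90" and the NUL land at the start of buffer_one, while value at offset 16 is not reached.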

   


   
© ALLROUNDER