Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

stack overflow help ..

from [gaurav saha] Network Security [Permanent Link]
Subject: stack overflow help ..
Date: Thu, 25 Jan 2007 15:27:11 -0800 (PST) 
Hi, 
i am new to this stack overflow issue.

i am using fc3 (kernel 2.6.12-1.1381)

i have modified this few sysctl keys to these values.

kernel.overflowgid = 0
kernel.overflowuid = 0
fs.overflowgid = 0
fs.overflowuid = 0
kernel.randomize_va_space = 0


i am still unable to overwrite EIP

========= vuln1.c ===========
int main(int argc, char **argv)
{
        char buf[1024];
        strcpy(buf, argv[1]);
return 0;
}
====== end of vuln1.c =======

$gcc -ggdb vuln1.c -o v1
$gdb ./v1
.
.
.
.
(gdb) run `perl -e 'print "A"x1024'`
Starting program:
/home/gaurav/test/challenges/challenges/buf/v1 `perl
-e 'print "A"x1024'`
Reading symbols from shared object read from target
memory...(no debugging symbols found)...done.
Loaded system supplied DSO at 0xb5c000
(no debugging symbols found)...(no debugging symbols
found)...
Program exited with code 0120.
(gdb) run `perl -e 'print "A"x1028'`
warning: cannot close "shared object read from target
memory": File in wrong format
Starting program:
/home/gaurav/test/challenges/challenges/buf/v1 `perl
-e 'print "A"x1028'`
Reading symbols from shared object read from target
memory...(no debugging symbols found)...done.
Loaded system supplied DSO at 0x247000
(no debugging symbols found)...(no debugging symbols
found)...
Program exited with code 0100.
(gdb) run `perl -e 'print "A"x1036'`
warning: cannot close "shared object read from target
memory": File in wrong format
Starting program:
/home/gaurav/test/challenges/challenges/buf/v1 `perl
-e 'print "A"x1036'`
Reading symbols from shared object read from target
memory...(no debugging symbols found)...done.
Loaded system supplied DSO at 0x807000
(no debugging symbols found)...(no debugging symbols
found)...
Program received signal SIGSEGV, Segmentation fault.
0x00ac8e0d in __libc_start_main () from
/lib/tls/libc.so.6
(gdb) info reg
.
.
ebx            0xbdaff4 12431348
esp            0xbffff350       0xbffff350
ebp            0x41414141       0x41414141
esi            0xbffff3d4       -1073744940
edi            0xbffff360       -1073745056
eip            0xac8e0d 0xac8e0d
eflags         0x210286 2163334
.
.
(gdb) run `perl -e 'print "A"x1040'`
Program received signal SIGSEGV, Segmentation fault.
0x080483a2 in main ()
(gdb) i r
ebp            0x41414141       0x41414141
eip            0x80483a2        0x80483a2 
(gdb) run `perl -e 'print "A"x1044'`
Program received signal SIGSEGV, Segmentation fault.
0x080483a2 in main ()
(gdb) i r
ebp            0x41414141       0x41414141
eip            0x80483a2        0x80483a2 
(gdb) run `perl -e 'print "A"x1048'`
Program received signal SIGSEGV, Segmentation fault.
0x080483a2 in main ()
(gdb) i r
ebp            0x41414141       0x41414141
eip            0x80483a2        0x80483a2 
(gdb) run `perl -e 'print "A"x1052'`
Program received signal SIGSEGV, Segmentation fault.
0x080483a2 in main ()
(gdb) i r
ebp            0x41414141       0x41414141
eip            0x80483a2        0x80483a2 
(gdb) run `perl -e 'print "A"x1056'`
Program received signal SIGSEGV, Segmentation fault.
0x080483a2 in main ()
(gdb) i r
ebp            0x41414141       0x41414141
eip            0x80483a2        0x80483a2 

and this keeps continuing ... no matter how many i
increase ... 
and i can't figure out what problem it is ...

thanks and adieu 
----gaurav


 
____________________________________________________________________________________
Now that's room service!  Choose from over 150,000 hotels
in 45,000 destinations on Yahoo! Travel to find your fit.
http://farechase.yahoo.com/promo-generic-14795097
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Is ophcrack online cracker offline forever?, Ronald I. Nutter
Next by Date:  Re: What backup software do you use and like?, Kenton Smith
Previous by Thread:  Is ophcrack online cracker offline forever?, Mary Hendrix
Next by Thread:  RE: stack overflow help .., Krpata, Tyler
Indexes:  [Date] [Thread] [Top] [All Lists]