execve shellcode writing segmentation fault
Question
I am trying to study execve shellcode.
OS : Linux bt 2.6.39.4
root@bt:~/exploit# cat gshell.s
.globl _start
_start:
    nop
    jmp MyString            # jump forward; the call below pushes the string address
shell:
    popl %esi               # esi = address of shellvar ("/bin/bashADDDDCCCC")
    xorl %eax,%eax          # eax = 0
    movb %al,9(%esi)        # NUL-terminate "/bin/bash" (overwrites the 'A'); this is the faulting write into read-only .text
    movl %esi,10(%esi)      # argv[0] = pointer to "/bin/bash" (overwrites "DDDD")
    movl %eax,14(%esi)      # argv[1] = NULL (overwrites "CCCC")
    movb $11,%al            # eax = 11 = sys_execve
    movl %esi, %ebx         # ebx = filename
    leal 0xa(%esi),%ecx     # ecx = argv
    leal 0xe(%esi),%edx     # edx = envp (points at the NULL, i.e. an empty environment)
    int $0x80
    movl $1,%eax            # sys_exit(0) if execve returns
    movl $0,%ebx
    int $0x80
MyString:
    call shell              # pushes the address of shellvar, then jumps back to shell
shellvar:
    .ascii "/bin/bashADDDDCCCC"
root@bt:~/exploit# as -gstabs -o gshell.o gshell.s
root@bt:~/exploit# ld -o gshell gshell.o
root@bt:~/exploit# ./gshell
Segmentation fault (core dumped)
root@bt:~/exploit#
(gdb) break *_start
Breakpoint 1 at 0x8048054: file gshell.s, line 6.
(gdb) r
Starting program: /root/exploit/gshell
Program received signal SIGSEGV, Segmentation fault.
shell () at gshell.s:14
14    movb %al,9(%esi)
(gdb) print /x $esi
$1 = 0x804807a
(gdb) x/16cb $esi
0x804807a : 47 '/' 98 'b' 105 'i' 110 'n' 47 '/' 98 'b' 97 'a' 115 's'
0x8048082 : 104 'h' 65 'A' 68 'D' 68 'D' 68 'D' 68 'D' 67 'C' 67 'C'
(gdb)
From the above output it seems I have successfully pop'd the /bin/sh address into the ESI register. But when I try to move 0 into 9(%esi), it causes a segmentation fault. I even tried to modify this program: movl $0 to $esi. I want to know whether writing to the 0x804807a address is restricted, and whether that is what is causing this fault, and how I can proceed with successfully running this shellcode.
Thanks, littlejack
Answer
As Bo said in his comment, the .text section is read-only by default on current systems. To make this code work, you have to make it writable. You can for example use a directive in the source file like so:
.section wtext, "awx", @progbits
Alternatively, you can pass the -N switch to the linker.
Note that such shell code is normally intended for stack execution, which is yet another thing that's typically disabled in current operating systems. If you ever want to try this on the stack, you might need the -z execstack linker option.
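Both fixes in the answer (a writable code section, or -N) work by giving the process a memory mapping that is writable and executable at the same time, which is exactly the W^X property that the default read-only .text enforces. A defender reviewing a build or an unknown binary wants to spot such mappings before they run, so the added example below (written for this page, not part of the original question or answer, and not gdb or binutils code) parses the ELF program headers directly and reports every PT_LOAD segment whose flags carry both PF_W and PF_X. It handles ELF32 and ELF64 in either byte order, and builds a constructed minimal ELF32 image (a single PT_LOAD segment at the same 0x8048000 base seen in the gdb session above) so it runs offline; `build_elf32`, `wx_segments` and `perm_string` are names chosen here, not real tooling.

```python
import struct
import sys

PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4


def perm_string(flags):
    """Render p_flags the way readelf does, e.g. 'rwx' or 'r-x'."""
    return ("r" if flags & PF_R else "-") + ("w" if flags & PF_W else "-") + ("x" if flags & PF_X else "-")


def load_segments(elf):
    """Return [(p_flags, p_vaddr, p_memsz), ...] for every PT_LOAD program header."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = elf[4], elf[5]
    end = "<" if ei_data == 1 else ">"            # EI_DATA: 1 = little-endian, 2 = big-endian
    if ei_class == 1:                              # ELF32 header layout
        (e_phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x2A)
        fmt = end + "IIIIIIII"                     # p_type p_offset p_vaddr p_paddr p_filesz p_memsz p_flags p_align
    elif ei_class == 2:                            # ELF64 header layout
        (e_phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
        fmt = end + "IIQQQQQQ"                     # p_type p_flags p_offset p_vaddr p_paddr p_filesz p_memsz p_align
    else:
        raise ValueError("unknown EI_CLASS %d" % ei_class)
    segments = []
    for i in range(e_phnum):
        fields = struct.unpack_from(fmt, elf, e_phoff + i * e_phentsize)
        if ei_class == 1:
            p_type, _, p_vaddr, _, _, p_memsz, p_flags, _ = fields
        else:
            p_type, p_flags, _, p_vaddr, _, _, p_memsz, _ = fields
        if p_type == PT_LOAD:
            segments.append((p_flags, p_vaddr, p_memsz))
    return segments


def wx_segments(elf):
    """Segments that violate W^X: writable and executable in the same mapping."""
    return [seg for seg in load_segments(elf) if (seg[0] & PF_W) and (seg[0] & PF_X)]


def build_elf32(flags, base=0x8048000):
    """Constructed test image: a 52-byte ELF32 header followed by one PT_LOAD phdr (32 bytes)."""
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8   # 32-bit, little-endian, version 1
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH",
                               2, 3, 1,          # e_type EXEC, e_machine EM_386, e_version
                               base + 0x54,      # e_entry (matches the breakpoint address above)
                               52, 0, 0,         # e_phoff, e_shoff, e_flags
                               52, 32, 1,        # e_ehsize, e_phentsize, e_phnum
                               0, 0, 0)          # e_shentsize, e_shnum, e_shstrndx
    phdr = struct.pack("<IIIIIIII", PT_LOAD, 0, base, base, 0x100, 0x100, flags, 0x1000)
    return ehdr + phdr


def report(elf):
    """Human-readable one line per PT_LOAD segment, flagging W+X mappings."""
    lines = []
    for flags, vaddr, memsz in load_segments(elf):
        tag = "  <-- writable AND executable" if (flags & PF_W and flags & PF_X) else ""
        lines.append("0x%08x +0x%x %s%s" % (vaddr, memsz, perm_string(flags), tag))
    return lines


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        data = build_elf32(PF_R | PF_W | PF_X)      # constructed sample with one RWX segment
    print("\n".join(report(data)))
```

Run it as `python3 check_wx.py ./gshell` on the binary produced after applying the answer's fix; a normal link shows an `r-x` text segment and an `rw-` data segment, while the writable-section or -N variant shows an `rwx` line, which is the mapping the segfault above was protecting.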