execve shellcode writing segmentation fault

Views: 137

Problem description

I am trying to study execve shellcode,

OS : Linux bt 2.6.39.4

root@bt:~/exploit# cat gshell.s

.globl _start

_start:

    nop
    jmp MyString

shell:

            popl %esi                 # esi = address of the string pushed by "call shell"
            xorl %eax,%eax

            movb %al,9(%esi)          # NUL-terminate "/bin/bash" (overwrites the 'A')
            movl %esi,10(%esi)        # argv[0] = pointer to "/bin/bash" (overwrites "DDDD")
            movl %eax,14(%esi)        # argv[1] = NULL (overwrites "CCCC")

            movb $11,%al              # execve system call number
            movl %esi, %ebx           # filename
            leal 0xa(%esi),%ecx       # argv
            leal 0xe(%esi),%edx       # envp (points at the NULL written above)
            int $0x80



            movl $1,%eax              # exit(0) if execve returns
            movl $0,%ebx
            int $0x80


MyString:
            call shell
shellvar:
                    .ascii "/bin/bashADDDDCCCC"

root@bt:~/exploit# as -gstabs -o gshell.o gshell.s

root@bt:~/exploit# ld -o gshell gshell.o

root@bt:~/exploit# ./gshell
Segmentation fault (core dumped)
root@bt:~/exploit#

(gdb) break *_start
Breakpoint 1 at 0x8048054: file gshell.s, line 6.

(gdb) r
Starting program: /root/exploit/gshell

Program received signal SIGSEGV, Segmentation fault.
shell () at gshell.s:14
14          movb %al,9(%esi)

(gdb) print /x $esi
$1 = 0x804807a
(gdb) x/16cb $esi
0x804807a:      47 '/'  98 'b'  105 'i' 110 'n' 47 '/'  98 'b'  97 'a'  115 's'
0x8048082:      104 'h' 65 'A'  68 'D'  68 'D'  68 'D'  68 'D'  67 'C'  67 'C'
(gdb)

From the above output it seems I have successfully popped the /bin/sh address into the ESI register.
But when I try to move 0 into 9(%esi), it causes a segmentation fault.
I even tried to modify this program: movl $0 to $esi.
I want to know if it is restricted to write at the 0x804807a address, which is causing this fault, and how I can proceed with successfully running this shellcode.

Thanks,
littlejack

Recommended answer

As Bo said in his comment, the .text section is read-only by default on current systems. To make this code work, you have to make it writable. You can for example use a directive in the source file like so:

.section wtext, "awx", @progbits

Alternatively, you can pass the -N switch to the linker.

Note that such shell code is normally intended for stack execution, which is yet another thing that's typically disabled in current operating systems. If you ever want to try this on the stack, you might need the -z execstack linker option.
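As an added check (not from the question or the answer above, and not the poster's code), the Python below reads the ELF program headers and reports the permissions of the PT_LOAD segment containing a given address, which answers the "is it restricted to write at that address?" question directly: the write target 9(%esi) = 0x8048083 sits in an r-x segment with the default link and in an rwx segment after ld -N or the awx section directive. sample_elf32() is a constructed stand-in laid out like the post's binary (entry 0x8048054, one PT_LOAD segment at 0x8048000) so the script runs offline; the segment size 0x8c is my assumption.

```python
import struct

PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4


def load_segments(elf):
    """Return (vaddr, memsz, flags) for every PT_LOAD program header (ELF32 or ELF64)."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                  # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if elf[5] == 1 else ">"   # EI_DATA: 1 = little-endian, 2 = big-endian
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", elf, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 54)
    else:
        (phoff,) = struct.unpack_from(end + "I", elf, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 42)
    segs = []
    for i in range(phnum):
        off = phoff + i * phentsize
        if is64:  # Elf64_Phdr: p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz
            p_type, flags, _, vaddr, _, _, memsz = struct.unpack_from(end + "IIQQQQQ", elf, off)
        else:     # Elf32_Phdr: p_type, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_flags
            p_type, _, vaddr, _, _, memsz, flags = struct.unpack_from(end + "IIIIIII", elf, off)
        if p_type == PT_LOAD:
            segs.append((vaddr, memsz, flags))
    return segs


def perms_at(elf, addr):
    """'rwx'-style permissions of the PT_LOAD segment mapped at addr, or None if it is unmapped."""
    for vaddr, memsz, flags in load_segments(elf):
        if vaddr <= addr < vaddr + memsz:
            return "".join(c if flags & f else "-" for c, f in (("r", PF_R), ("w", PF_W), ("x", PF_X)))
    return None


def wx_segments(elf):
    """Start addresses of segments that are writable and executable (what 'awx' or ld -N produce)."""
    return [vaddr for vaddr, _, flags in load_segments(elf) if flags & PF_W and flags & PF_X]


def sample_elf32(text_flags):
    """Constructed minimal ELF32 image: one PT_LOAD segment laid out like the post's gshell binary."""
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)   # 32-bit, little-endian, ELF version 1
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0x8048054, 52, 0, 0, 52, 32, 1, 40, 0, 0)
    phdr = struct.pack("<IIIIIIII", PT_LOAD, 0, 0x8048000, 0x8048000, 0x8c, 0x8c, text_flags, 0x1000)
    return ehdr + phdr
```

On a real file, perms_at(open("gshell", "rb").read(), 0x8048083) reports what the kernel will allow at the faulting store, and wx_segments() is the same check a binary scanner makes when flagging writable code.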
