performing simple buffer overflow on Mac OS 10.6


Problem description

I'm trying to learn about stack-based overflow and write a simple code to exploit the stack. But somehow it doesn't work at all, showing only "Abort trap" on my machine (Mac OS Leopard).

I guess Mac OS treats overflow differently; it won't allow me to overwrite memory through C code. For example,

strcpy(buffer, input); // let's say char buffer[6], but input is 7 bytes

On a Linux machine, this code successfully overwrites the next stack, but it is prevented on Mac OS (Abort trap).

Does anyone know how to perform a simple stack-based overflow on a Mac machine?

Solution

#include <stdio.h>

int main(int argc, char **argv) {
    char buffer[4];         /* deliberately tiny stack buffer */
    puts("Hello");
    gets(buffer);           /* unbounded read: this is the overflow */
    return 0;
}

and call it as:

printf "0123456789abcdefghij\260\037" | ./a.out

\260\037 is the address of main (0x1fb0 here) in octal and in little-endian order.

You should see "Hello" printed two times before a bus error. The trick is to use a debugger (even gdb will do) to know both where you want to end up and where the return address is. It won't be the same as in Linux!

MacOS X for i386 (most OSes for i386 in fact, including Linux and Windows), and especially <=Leopard, are not the most secure OSes.

EDIT: just realized I was using clang as the compiler. So you will need to adapt it to gcc, but I can tell you it works with little change :p.
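For comparison, here is the bounded counterpart to the gets()/strcpy() calls discussed in the question and answer. This is an added example, not code from the original post or from either poster: the function names copy_bounded and read_line_bounded are my own, and the program keeps the same 4-byte stack buffer as the answer's program so the difference is only in how the input is read. Both helpers return whether the input had to be cut, which is the information the unbounded versions silently throw away when they run past the end of the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Bounded replacement for strcpy(buffer, input): copies at most dstlen-1
 * bytes, always NUL-terminates, and reports whether the input had to be
 * cut. Returns 1 if truncated (an unbounded copy would have overflowed),
 * 0 if the whole string fit, -1 if dst has no room even for the NUL. */
int copy_bounded(char *dst, size_t dstlen, const char *src) {
    size_t n = strlen(src);
    if (dstlen == 0) return -1;
    if (n >= dstlen) {
        memcpy(dst, src, dstlen - 1);
        dst[dstlen - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, n + 1);      /* n + 1 includes the terminating NUL */
    return 0;
}

/* Bounded replacement for gets(buffer): reads one line with fgets(), strips
 * the newline, and drains the rest of an over-long line so the next call
 * starts on a fresh line instead of on leftover bytes. Returns 1 if the
 * line was longer than the buffer, 0 if it fit, -1 on EOF/error (buf is
 * then left empty). */
int read_line_bounded(FILE *fp, char *buf, size_t buflen) {
    int c, truncated = 0;
    size_t n;
    if (buflen == 0) return -1;
    if (fgets(buf, (int)buflen, fp) == NULL) { buf[0] = '\0'; return -1; }
    n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') { buf[n - 1] = '\0'; return 0; }
    /* No newline in buf: either the line was too long or EOF ended it. */
    while ((c = fgetc(fp)) != EOF && c != '\n') truncated = 1;
    return truncated;
}

/* Same shape as the program in the answer, but the 4-byte buffer can no
 * longer be overrun by a long line on stdin (hypothetical demo main). */
int main(void) {
    char buffer[4];
    int r;
    puts("Hello");
    r = read_line_bounded(stdin, buffer, sizeof buffer);
    if (r == 1) puts("input too long: kept only the first 3 bytes");
    printf("buffer = \"%s\"\n", buffer);
    return 0;
}
```

Feeding this program the same 22-byte payload the answer uses (the 20 padding characters plus the two address bytes) leaves only "012" in the buffer and reports the truncation instead of overwriting the saved return address. Independently of the code, compiling with -fstack-protector (accepted by both gcc and clang) makes an overrun that does reach the return address abort at function exit rather than redirect control, which is the behaviour the question describes seeing by default on its machine.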
