Showing results for tags 'bufferoverflow'.
Found 1 result

1. Hi, I'm gonna teach you how to exploit a buffer overflow (with ASLR disabled) on Linux. In this tutorial I'll consider that you already have a good understanding of asm registers and gdb commands (like x/xw $register etc.).

Requirements?
- Basic x86 asm (nasm)
- C
- Good knowledge of how the RAM is managed by the system when we use a program (how the stack works)
- Linux basics
- GDB + peda (how to install gdb + peda); peda is optional

What does ASLR mean?

So basically ASLR means "address space layout randomization", but concretely it means that when you start a program its data will not be stored at the same addresses each time you restart it, like this:

You can see if ASLR is enabled in "/proc/sys/kernel/randomize_va_space":
ASLR = 0 ==> disabled
ASLR = 1 ==> enabled
ASLR = 2 ==> enabled (default on systems)

So for this tutorial we'll use ASLR = 0.

Buffer overflow?

All along the tutorial we'll use this basic code that takes the argument and prints it; I segment it with a function to have a better view when you disassemble the compiled program.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void function(char *arg)
{
    char buffer[64];
    strcpy(buffer, arg);      /* no length check: an argument longer than the buffer overflows it */
    printf("%s\n", buffer);
}

int main(int argc, char *argv[])
{
    if (argc != 2) {
        printf("Use '%s <your text>' \n", argv[0]);
        return 0;
    }
    function(argv[1]);
    return 0;
}
```

If we take a look at the function "function" we can see the declaration of a buffer named "buffer" (pretty obvious, right); then with the "strcpy" function we copy the argument "argv[1]" into the buffer (size = 64); then finally we print it. The buffer overflow is about overflowing the buffer to access the save of the eip register. OK, OK, I'll explain it.

When you declare a buffer on the stack, first the system pushes the save of the instruction pointer (eip), which helps the program continue its instructions after the function is done; then the save of the base pointer (ebp); then the buffer (its size). So the purpose is to rewrite the content of the saved eip to execute a piece of code that we will store in the buffer. But we will not be writing code such as assembly, because from the point of view of the system it reads instructions in the opcode format (like when you modify the "hex code" with HxD), so asm code becomes opcode:

mov ax, 0x0
leave        ===> \x66\xB8\x00\x00\xC9\xC3
ret

But this opcode is too short to fill a buffer of a greater size, so to fill the buffer + the ebp save we generally use NOP "\x90" (no operation), which basically means "pass me, I'm useless". So when we debug with gdb, after the exploitation the address of the buffer will be written in the eip register, so the program takes back its instructions and executes our code.

The code that we inject is called shellcode because it's an opcode that refers to some assembly code that opens a shell, so if the program has the setuid bit you can have a shell as root and destroy the server/computer.

To inject our shellcode we need to calculate where the save of eip is. On a 32-bit system registers are 4 bytes long (8 for a 64-bit system), so add only 4 to the end of the buffer address, but more usually we calculate the difference between the start address of the buffer and the eip address; it will give us the size of our shellcode; then you add the buffer address to overwrite the eip save. (One instruction means one space, so for a buffer of 64 it will be 64 * "\x90", and subtract the size of the shellcode of course.)

- Be careful because the addresses can be read reversed, and the reason why ==> [Hidden Content]
- To find the right shellcode for the system: [Hidden Content]
- To know the exact architecture of your system: "lscpu"

This tuto is only a beginner introduction to the buffer overflow; I will maybe make a second one where I go more deeply into the subject, like how to bypass ASLR and so on... Hope you enjoy it, leave a like.
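As an added example (not the post's own code), here is the same program with the copy bounded, so an argument longer than the 64-byte buffer is refused instead of overwriting the saved ebp/eip; the names copy_bounded, safe_function and feed_input_of_length are my own.

```c
/* Added example, not from the post: hardened counterpart of function(). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUFSZ 64   /* same buffer size as the post's program */

/* Copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 if src is too long; dst is untouched on failure. */
int copy_bounded(char *dst, size_t dstlen, const char *src)
{
    /* look for the NUL within dstlen bytes only: never scan past the limit */
    const char *end = memchr(src, '\0', dstlen);
    if (end == NULL)
        return -1;                 /* src needs more than dstlen bytes: refuse */
    size_t n = (size_t)(end - src);
    memcpy(dst, src, n + 1);       /* n characters plus the terminator */
    return 0;
}

/* Same shape as the post's function(), but the overflow path is closed.
 * Returns 0 when the argument was printed, -1 when it was rejected. */
int safe_function(const char *arg)
{
    char buffer[BUFSZ];
    if (copy_bounded(buffer, sizeof buffer, arg) != 0) {
        fprintf(stderr, "input too long (max %zu bytes)\n", sizeof buffer - 1);
        return -1;
    }
    printf("%s\n", buffer);
    return 0;
}

/* Constructed test helper (hypothetical): feed safe_function len 'A' bytes. */
int feed_input_of_length(size_t len)
{
    char *arg = malloc(len + 1);
    if (arg == NULL)
        return -1;
    memset(arg, 'A', len);
    arg[len] = '\0';
    int rc = safe_function(arg);
    free(arg);
    return rc;
}

int main(int argc, char *argv[])
{
    if (argc != 2) {
        printf("Use '%s <your text>'\n", argv[0]);
        return 0;
    }
    return safe_function(argv[1]) == 0 ? 0 : 1;
}
```

Building with gcc's -fstack-protector-all on top of this adds a canary check on the saved ebp/eip, so a copy that is ever missed aborts the process instead of returning into the buffer.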