This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
session:08 [2018/07/03 19:18] Razvan Deaconescu [14. Challenge: Your Turn] |
session:08 [2020/07/19 12:49] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== | + | ====== |
===== Resources ===== | ===== Resources ===== | ||
- | [[http:// | + | /*[[http:// |
+ | |||
+ | [[https:// | ||
[[http:// | [[http:// | ||
Line 70: | Line 72: | ||
===== 4. Challenge: Shellcode as Argument ===== | ===== 4. Challenge: Shellcode as Argument ===== | ||
- | Go to '' | + | Go to '' |
Feed the '' | Feed the '' | ||
Line 191: | Line 193: | ||
Create a simple C program using a buffer overflow and able to store a shellcode into a global (data) variable. Compile it both for 32 and 64 bits. Then create exploits for them using '' | Create a simple C program using a buffer overflow and able to store a shellcode into a global (data) variable. Compile it both for 32 and 64 bits. Then create exploits for them using '' | ||
- | The '' | + | Create your simple C program in '' |
+ | |||
+ | The '' | ||
+ | |||
+ | ===== 15. Tutorial: Shellcode on Stack ===== | ||
+ | |||
+ | Go to the '' | ||
+ | |||
+ | We often use the stack to store the shellcode. That's what we use now. | ||
+ | |||
+ | For that to happen easily we need to disable ASLR using '' | ||
+ | < | ||
+ | $ setarch x86_64 -R /bin/bash | ||
+ | |||
+ | $ ldd vuln | ||
+ | linux-vdso.so.1 (0x00007ffff7ffb000) | ||
+ | libc.so.6 => / | ||
+ | / | ||
+ | $ ldd vuln | ||
+ | linux-vdso.so.1 (0x00007ffff7ffb000) | ||
+ | libc.so.6 => / | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | Then we go into GDB and determine the offset and at the same time find the buffer address: | ||
+ | < | ||
+ | $ gdb ./vuln | ||
+ | </ | ||
+ | Use '' | ||
+ | |||
+ | In the '' | ||
+ | |||
+ | <note important> | ||
+ | To reenable ASLR, simply exit the shell you created using '' | ||
+ | </ | ||
+ | |||
+ | ===== 16. Challenge: io.netgarage.io level05 ===== | ||
+ | |||
+ | Go to the '' | ||
+ | |||
+ | It's a buffer overflow that may end up calling a shellcode placed on the stack buffer. | ||
+ | |||
+ | Create a '' | ||
+ | |||
+ | <note tip> | ||
+ | Use the '' | ||
+ | </ | ||
+ | |||
+ | <note important> | ||
+ | Disable ASLR using '' | ||
+ | </ | ||
+ | |||
+ | ===== 17. Challenge: Shellcode on Stack ===== | ||
+ | |||
+ | Go to the '' | ||
+ | |||
+ | Update the '' | ||
+ | |||
+ | ===== 18. Challenge: Shellcode on Stack (32 bit) ===== | ||
+ | |||
+ | Go to the '' | ||
+ | It's similar to the challenge above, except that it runs on 32 bits. Copy and update the '' | ||
/* | /* |