Vuln Dev
Re: Buffer Overflow Help Nov 10 2004 01:48PM
Marco Ivaldi (raptor 0xdeadbeef info) (1 replies)
> I am trying to learn how to write a basic stack buffer overflow on
> linux. The program that I am exploiting is:

Hey eip,

I'm not sure what's happening here: have you changed something in the
environment between the two vulnerable program executions? 0xbffff5b4 is
far different from 0xbfffe434... You should check the stack contents and
compare them to find out the reason why $esp is changing. Check also that
you don't have any stack-base randomization protection in place and stuff
like that: I don't know if RH is doing something particular here and I
don't have a new Linux box handy to test it on my own.

You may also want to take a look at the exploit examples here (especially
abo1-ex2.c that uses the ret-into-envp technique):

http://www.0xdeadbeef.info/code/abo-exploits.tgz
http://www.0xdeadbeef.info/code/linux-x86-exploits.tgz

Hope this helps,

--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
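
The checks suggested in the reply above (did the environment change between runs, is stack randomization active) can be recorded with a small diagnostic. This is an added example, not part of the original post or of the linked archives; the sysctl path `/proc/sys/kernel/randomize_va_space` is the one used by current Linux kernels and is an assumption here, since the post names no specific mechanism, and all function names are hypothetical.

```c
/* Added diagnostic (not from the original post): run it twice and compare. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

enum cause { STABLE, RANDOMIZED, ENV_CHANGED, UNEXPLAINED };

/* Bytes used by the NUL-terminated strings of a NULL-terminated vector
   (argv or envp); the kernel copies these to the top of the new stack. */
size_t vec_string_bytes(char *const *vec) {
    size_t n = 0;
    for (; vec && *vec; vec++)
        n += strlen(*vec) + 1;
    return n;
}

/* Parse the sysctl text: 0 = off, 1 or 2 = randomization on, -1 = unknown. */
int parse_aslr_mode(const char *text) {
    char *end;
    long v;
    if (!text) return -1;
    v = strtol(text, &end, 10);
    return (end == text || v < 0 || v > 2) ? -1 : (int)v;
}

/* Compare two recorded runs (stack address, env bytes) and name the likely cause. */
enum cause explain_shift(uintptr_t sp_a, size_t env_a,
                         uintptr_t sp_b, size_t env_b, int aslr_mode) {
    if (sp_a == sp_b) return STABLE;
    if (aslr_mode > 0) return RANDOMIZED;
    if (env_a != env_b) return ENV_CHANGED;
    return UNEXPLAINED;
}

int main(int argc, char **argv) {
    char buf[16] = "", marker;                 /* &marker approximates $esp */
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (f) { if (!fgets(buf, sizeof buf, f)) buf[0] = '\0'; fclose(f); }
    printf("stack=%p argv_bytes=%zu env_bytes=%zu aslr_mode=%d\n",
           (void *)&marker, vec_string_bytes(argv),
           vec_string_bytes(environ), parse_aslr_mode(buf));
    (void)argc;
    return 0;
}
```

If two runs print the same `env_bytes` and `argv_bytes` with `aslr_mode=0` but different stack addresses, the difference comes from something else, such as running under a debugger.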
