find string address in mem using gdb
Posted 30 June 2007 - 07:55 AM
Here is my problem :
I have to exploit a simple buffer overflow on a Linux box with a non-executable stack and with no gcc or perl installed...
In order to exploit the suid program I have to use the ret-into-libc trick... I found the addresses of the functions system and exit using gdb, but I need the address of the string /bin/sh as an arg to the function system. It's pretty simple when I can code a small prog in C which returns me the address of an environment variable like SHELL=/bin/sh... But with no gcc installed I tried to do it with gdb:
(gdb) set $x = (char *) 0x etc...   # libc base address (ldd suid prog); cast so strcmp gets a pointer
(gdb) while (strcmp($x, "/bin/sh") != 0)   # needs a running process, since strcmp is called in the inferior
 > set $x = $x + 1
 > end                                      # the loop body must be closed with "end" or gdb just keeps reading input
(gdb) print $x                              # address of the first match
I've been waiting for a long time but it returns no result...
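An added example, not from the original post: gdb 6.8 and later ship a built-in find command, so the byte-by-byte strcmp loop above is not needed; the libc range comes from info proc mappings of the running process, and the addresses shown here are constructed placeholders.

```gdb
# Added example, not from the thread. Run inside gdb with the process started
# (e.g. after "break main" and "run"), so libc is actually mapped.
(gdb) info proc mappings
# ... pick the libc.so.6 line; its start/end columns give the range to search.
# The two values below are constructed placeholders, not real addresses.
(gdb) set $libc_start = 0xb7e00000
(gdb) set $libc_end   = 0xb7f30000
# Search only the mapped libc range for the NUL-terminated string "/bin/sh";
# a string literal is matched including its terminating null byte, and
# searching unmapped addresses would error out instead of scanning.
(gdb) find $libc_start, $libc_end, "/bin/sh"
# gdb prints each hit, sets $_ to the last matching address and $numfound
# to the number of matches; confirm the hit reads as a string:
(gdb) x/s $_
```

Restricting the search to the range reported by info proc mappings is what keeps the command from touching unmapped memory.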
Posted 30 June 2007 - 08:31 AM
Nvrm, strange. Why don't you just install gcc m8? It would make your life a lot easier. As you know, then you could find the environment variable and display the correct address. It will also enable you to see if the address is changing.
I've done this before, I just can't remember how lol, it was so long ago since I messed with Linux. Also might be worth a look: have a read of some of the papers by Xpl017Elz.
Edited by n00b, 30 June 2007 - 08:56 AM.