bobo825

find string address in mem using gdb

3 posts in this topic

Hi

Here is my problem:

I have to exploit a simple buffer overflow on a Linux box with a non-exec stack and with no gcc or perl installed...

In order to exploit the suid program I have to use the ret-into-libc trick... I found the addresses of the functions system and exit using gdb, but I need the address of the string /bin/sh as an arg to the function system. It's pretty simple when I can code a small prog in C which returns me the address of an environment variable like SHELL=/bin/sh.. But with no gcc installed I tried to do it with gdb:

<gdb> set $x = 0x etc... <---- libc base address (ldd suid prog)
<gdb> while(strcmp($x, "/bin/sh")!=0)
> set $x = $x + 1
> end

I've been waiting for a long time but it returns no result..

Thank you


Have a read of this, it should be in there somewhere on how to do this, m8. Also look at the top link here, very informative.

nvrmm, strange, why don't you just install gcc, m8? It would make your life a lot easier. As you know, then you could find the environment variable and display the correct address. It will also enable you to see if the address is changing.

http://www.google.co.uk/search?hl=en&q...earch&meta=

http://www.milw0rm.com/papers/6

I've done this before, I just can't remember how lol, it was so long ago since I messed with Linux. Also might be worth a look: have a read of some of the papers by Xpl017Elz.

http://x82.inetcop.org/h0me/papers/FC_exploit/

Edited by n00b

Thank you for your fast answer, I'll take a look at these links...
