Sign in to follow this  
Followers 0
0mega24

Exploitation, Stack Protection, and Randomized Addresses

2 posts in this topic

Hi Guys!
Recently I've been working through "Hacking the Art of Exploitation 2nd Ed.", an awesome book I would recommend it to anyone interested in learning the nuts and bolts of hacking. I've been working on learning stack based buffer overflows, which for those who are not familiar is when you find a buffer which does not check its bounds and write to it data much larger than itself, the goal being to overwrite either a function pointer or the EIP register with an address to some shellcode stored in the environment variable. I still have a lot of work and practice to do, but when trying it in my Ubuntu installation on my eee I learned a couple sad things.

First gcc now by default implements stack protection in all of its compiled programs, it does this by inserting a "canary" value into the stack and if it gets overwritten the program complains and terminates. If there was some way to figure out what this value was in advance and its location I could just overwrite it with its own value and everything would be hunky-dory. But even after researching it, I still have no idea on how to do that.

Also I guess the new Linux kernels randomize the address space upon executing the program, which I admit is a goddamn clever idea, but it obviously presents some difficulties if you want to overflow that particular program. I also have no idea how to circumvent this, I suspect its much easier on 32 bit systems than 64 but even then, still have no clue what to do with that.

So guys any suggestions on reading for these subjects?

Share this post


Link to post
Share on other sites
For address space layout randomization:

[url="http://www-users.rwth-aachen.de/Tilo.Mueller/ASLRpaper.pdf"]ASLR Smack & Laugh Reference[/url]

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0