Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm an aspiring security specialist and am currently working on my first buffer overflow. (using The Shellcoders Handbook by Jack Koziol.)
However, while it seems to work on older versions of linux, in fedora core 2 I can not overwrite EIP no matter how hard I try. EBP no problem but not EIP. Anyways, any help or direction would be fantastic. Thanks in advance.
neophytic; attempt to program with c++, c or visual basic. from info are u dealing with a hispeed
system? as u know EIP deals with program counter. either address or instruction registers.
logic, constants and counters check:
calculate,compare and copy. or u dealing with corporate system? that is another twist.
Sorry for being so indescriptive. I created a fedora core 2 system to play around on. I created a program in C listed here:
void return_input(void)
{
char array[30];
gets (array);
printf("%s\n", array);
}
main()
{
return_input();
return 0;
Obviously, there is a glaring overflow vulnerability within the return_input function. I compiled the program with gcc using the -mpreferred-stack-boundary=2 -ggdb option listed here:
/tmp/ccsyJRjA.o(.text+0xb): In function `return_input':
/home/neophyte/code/shellcoders_handbook/overflow_pg19/overflow.c:5: warning: the `gets' function is dangerous and should not be used.
and here we have it: ebp is x41414141 (cap A's)
and unfortunately eip is x80483c8
it seems no matter what I do I can not override eip. There is something obviously limiting this from happening and I'm not sure what it is. Any help would be greatly appreciated. Thanks again!
Fedora core and some newer versions of linux come with stack protections. Fedora especifically has Exec shield by default. Common technicas just wont do due to the fact exec shield will randomize an protect eip from being overwritten. If its your firts time you are trying to exploit a program i recommend you, dissable exec shield or get another distro like slackware 9 or mandrake
Please do not post the same thread in more than one forum. Picking the most relevant forum and posting it once there makes it easier for other members to help you and keeps the discussion all in one place.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
