LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 11-10-2004, 05:03 PM   #1
neophytic
LQ Newbie
 
Registered: Nov 2004
Posts: 4

Rep: Reputation: 0
EIP issues with newer versions of Linux


Hi,

I'm an aspiring security specialist and am currently working on my first buffer overflow (using The Shellcoder's Handbook by Jack Koziol).
However, while it seems to work on older versions of Linux, in Fedora Core 2 I cannot overwrite EIP no matter how hard I try. EBP, no problem, but not EIP. Anyway, any help or direction would be fantastic. Thanks in advance.

Neo
 
Old 11-10-2004, 08:34 PM   #2
penguin4
Senior Member
 
Registered: May 2004
Location: california
Distribution: mdklinux8.1
Posts: 1,209

Rep: Reputation: 45
neophytic: attempt to program with C++, C or Visual Basic. From your info, are you dealing with a high-speed
system? As you know, EIP deals with the program counter, either address or instruction registers.
Logic, constants and counters check:
calculate, compare and copy. Or are you dealing with a corporate system? That is another twist.
 
Old 11-10-2004, 09:03 PM   #3
neophytic
LQ Newbie
 
Registered: Nov 2004
Posts: 4

Original Poster
Rep: Reputation: 0
Sorry for being so undescriptive. I created a Fedora Core 2 system to play around on. I created a program in C, listed here:

#include <stdio.h>

/* gets() places no bound on the input: anything past 30 bytes
   overwrites the saved frame pointer and return address. */
void return_input(void)
{
	char array[30];

	gets(array);
	printf("%s\n", array);
}

int main(void)
{
	return_input();
	return 0;
}

Obviously, there is a glaring overflow vulnerability within the return_input function. I compiled the program with gcc using the -mpreferred-stack-boundary=2 -ggdb options, as listed here:

[neophyte@localhost overflow_pg19]$ gcc -mpreferred-stack-boundary=2 -ggdb overflow.c

/tmp/ccsyJRjA.o(.text+0xb): In function `return_input':
/home/neophyte/code/shellcoders_handbook/overflow_pg19/overflow.c:5: warning: the `gets' function is dangerous and should not be used.

[neophyte@localhost overflow_pg19]$ ./overflow AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Segmentation Fault (core dumped)

then:

[neophyte@localhost overflow_pg19]$ gdb overflow core.xxxxxx

(gdb) info registers

and here we have it: ebp is 0x41414141 (capital A's)
and unfortunately eip is 0x80483c8

It seems no matter what I do I cannot override eip. There is something obviously limiting this from happening and I'm not sure what it is. Any help would be greatly appreciated. Thanks again!

-Neophytic
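Two things a practitioner would check at this point, as an added example that is not part of the original post. First, the run shown above passes the A's on the command line, but return_input() reads its input from stdin via gets(), so the overflowing bytes have to arrive on stdin. Second, a run of identical bytes cannot tell you which part of the input landed in ebp or eip: 0x41414141 could be any four of the 300 A's. A non-repeating pattern can. The program below generates such a pattern (the same U-l-d scheme as Metasploit's pattern_create) and maps a register value read from the core file back to its byte offset in the input. It assumes the 32-bit little-endian x86 registers shown in the gdb session; the function names are the example's own.

```c
/* cyclic.c: build a non-repeating input and map a crashed register value
 * back to its offset in that input. Added example, not from the thread.
 * Assumes 32-bit little-endian registers (x86), as in the gdb session. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 26 uppers * 26 lowers * 10 digits * 3 bytes: the pattern is unique in
 * every 4-byte window up to this length, then it would repeat. */
#define PATTERN_MAX (26 * 26 * 10 * 3)

/* Fill out[0..n) with Aa0Aa1...Aa9Ab0... and return the bytes written. */
size_t cyclic_pattern(char *out, size_t n)
{
    size_t i = 0;
    for (char u = 'A'; u <= 'Z' && i < n; u++)
        for (char l = 'a'; l <= 'z' && i < n; l++)
            for (char d = '0'; d <= '9' && i < n; d++) {
                char trip[3] = { u, l, d };
                for (int k = 0; k < 3 && i < n; k++)
                    out[i++] = trip[k];
            }
    return i;
}

/* Given a 32-bit register value from the crash (the ebp or eip that
 * "info registers" shows), return the byte offset in the pattern whose
 * four bytes were loaded into it, or -1 if the value is not from the
 * pattern at all (e.g. 0x41414141 from an all-'A' input). The lowest
 * byte of the register is the first byte in memory (little-endian). */
long cyclic_offset(uint32_t reg)
{
    static char pat[PATTERN_MAX];
    char needle[4];
    size_t plen = cyclic_pattern(pat, sizeof pat);

    for (int k = 0; k < 4; k++)
        needle[k] = (char)((reg >> (8 * k)) & 0xff);

    for (size_t i = 0; i + 4 <= plen; i++)
        if (memcmp(pat + i, needle, 4) == 0)
            return (long)i;
    return -1;
}

/* The 32-bit value a little-endian CPU loads from pat[off..off+4): what a
 * saved-ebp or return-address slot sitting at that offset turns into. */
uint32_t word_at(const char *pat, size_t off)
{
    const unsigned char *p = (const unsigned char *)pat + off;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Round trip used to check the two functions against each other: the
 * word at offset `off` must map back to `off`. */
long offset_roundtrip(size_t off)
{
    char pat[PATTERN_MAX];
    cyclic_pattern(pat, sizeof pat);
    return cyclic_offset(word_at(pat, off));
}

int main(void)
{
    char buf[300 + 1];
    size_t n = cyclic_pattern(buf, 300);   /* same length as the A-run above */
    buf[n] = '\0';

    /* Usage: ./cyclic > input ; ./overflow < input ; gdb overflow core */
    printf("%s\n", buf);
    fprintf(stderr, "0x41414141 -> offset %ld (an all-'A' input tells you nothing)\n",
            cyclic_offset(0x41414141));
    fprintf(stderr, "0x41306141 -> offset %ld\n", cyclic_offset(0x41306141));
    return 0;
}
```

Compile with gcc -o cyclic cyclic.c, run ./cyclic > input && ./overflow < input, load the core in gdb and pass the ebp or eip value from info registers to cyclic_offset(). The result is the offset at which the next run should place the address you want in the return slot; if eip never shows a pattern value while ebp does, the bytes are stopping short of the return address, which is a frame-layout question rather than a protection one.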
 
Old 11-16-2004, 04:59 PM   #4
freakz
LQ Newbie
 
Registered: Nov 2004
Posts: 2

Rep: Reputation: 0
Fedora Core and some newer versions of Linux come with stack protections. Fedora specifically has Exec Shield by default. Common techniques just won't do, due to the fact that Exec Shield will randomize and protect EIP from being overwritten. If it's your first time trying to exploit a program, I recommend you disable Exec Shield or get another distro like Slackware 9 or Mandrake.
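To see what the kernel side actually contributes before blaming it, here is an added example (not from the thread) that reports the relevant knobs and prints the addresses that move between runs when randomization is on. The knob names are those of the kernels in question: randomize_va_space is the mainline sysctl (2.6.12 and later), while exec-shield and exec-shield-randomize exist only on kernels carrying the Exec Shield patch, such as Fedora Core's; a knob that is absent is reported as -1 rather than treated as an error. Randomization moves the stack so a return address guessed from one run misses on the next, and a non-executable stack makes code placed in the buffer fault when jumped to; run the program twice and compare the printed addresses to see which regions move on your box.

```c
/* mitigations.c: report the kernel knobs that interfere with a classic
 * stack overflow and print addresses that shift under randomization.
 * Added example, not from the thread. Knob names: randomize_va_space is
 * mainline; exec-shield* exist only on Exec Shield kernels (Fedora Core). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Read one integer from a /proc file. Returns the value, or -1 when the
 * file cannot be read, which for /proc/sys means the knob is absent. */
long read_proc_int(const char *path)
{
    FILE *f = fopen(path, "r");
    long v;

    if (f == NULL)
        return -1;
    if (fscanf(f, "%ld", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* 1 if any visible knob reports address-space randomization on, 0 if
 * every visible knob is off, -1 if this kernel exposes neither knob. */
int randomization_on(void)
{
    long mainline = read_proc_int("/proc/sys/kernel/randomize_va_space");
    long execshield = read_proc_int("/proc/sys/kernel/exec-shield-randomize");

    if (mainline < 0 && execshield < 0)
        return -1;
    return (mainline > 0) || (execshield > 0);
}

int main(void)
{
    int local = 0;              /* lives on the stack */
    void *heap = malloc(16);    /* lives on the heap */

    printf("randomize_va_space    = %ld\n",
           read_proc_int("/proc/sys/kernel/randomize_va_space"));
    printf("exec-shield           = %ld\n",
           read_proc_int("/proc/sys/kernel/exec-shield"));
    printf("exec-shield-randomize = %ld\n",
           read_proc_int("/proc/sys/kernel/exec-shield-randomize"));
    printf("randomization on      = %d  (-1: no knob visible)\n",
           randomization_on());

    /* Run twice: regions that get a different address each run are the
     * ones a hardcoded address in an exploit cannot rely on. */
    printf("stack local  %p\n", (void *)&local);
    printf("heap block   %p\n", heap);
    printf("text (main)  %p\n", (void *)&main);
    printf("libc printf  %p\n", (void *)&printf);

    free(heap);
    return 0;
}
```

For a lab box, the kernel side is switched off with sysctl -w kernel.randomize_va_space=0 on mainline kernels, or kernel.exec-shield=0 and kernel.exec-shield-randomize=0 on Fedora Core kernels of that era; the toolchain side is undone with gcc -z execstack (and -fno-stack-protector on later gcc versions that enable the stack protector by default). Do this on a disposable machine only, and re-run the program above to confirm the addresses stop moving.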
 
Old 11-16-2004, 09:12 PM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Please do not post the same thread in more than one forum. Picking the most relevant forum and posting it once there makes it easier for other members to help you and keeps the discussion all in one place.

http://www.linuxquestions.org/rules.php

Please direct replies to:
http://www.linuxquestions.org/questi...hreadid=253451
 