LinuxQuestions.org
Old 03-24-2007, 09:20 PM   #1
*Mafia*
LQ Newbie
 
Registered: Mar 2007
Posts: 12

Rep: Reputation: 0
Problem in writing exploit code under linux !


Hi.
Just for educational purposes and for protecting Linux against buffer overflow attacks, I'm learning exploitation.
I read an article on how to write an exploit for a simple buffer overflow.
Very simple!
I learned everything in the article.
But when I write an exploit for this BOF, or copy the exploit from the article, I compile it and then run the exploit.
In the article the normal user ($) becomes root (#), but when I run the exploit the ($) does not drop into a shell (#).
Where is the problem?
In the article it doesn't have any problem.
I am running this simple buffer overflow exploit under Linux Fedora Core 4.
One of my friends told me: your kernel version is 2.4 and this is protected from BOF! But with a nice try this can be bypassed.
Please help me.
I don't know what the problem is?!
 
Old 03-24-2007, 09:23 PM   #2
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 344
Buffer overflows are not exploitable under Linux, on a current system. Even for "educational" reasons.
 
Old 03-24-2007, 09:35 PM   #3
*Mafia*
LQ Newbie
 
Registered: Mar 2007
Posts: 12

Original Poster
Rep: Reputation: 0
Thanks, my brother, for your answer.
But I don't understand your purpose.
If Linux BOFs are not exploitable, still there are many exploits for Linux that work even on Linux kernel 2.6 (local root).
Please tell me your purpose .... thanks.
Maybe in the new one your purpose is right .........
 
Old 03-24-2007, 09:50 PM   #4
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 344
If you are running something on root, it is not an exploit. The root user has unlimited (except for SELinux mandatory access controls...) control of the system.

An "exploit" takes place from outside the machine (via a network interface). If you are able to obtain root authority via a local login of a non-root user, that is a privilege escalation.

All such known methods are no longer functional in a current system with all security layers active (Fedora Core, for example).

You can certainly find old, unmaintained systems, or systems with security layers disabled. But what's the point? They have access to the resolution once an exploit is detected. The source is open, so it's not exactly a challenge (you'll get more recognition by properly reporting the bug). Buffer overflows are a 1990s problem.

In short, what are your motivations? They're certainly not educational, or you would be concentrating on learning the technologies that prevent exploits on Linux.

Last edited by macemoneta; 03-24-2007 at 09:52 PM.
 
Old 03-24-2007, 10:05 PM   #5
*Mafia*
LQ Newbie
 
Registered: Mar 2007
Posts: 12

Original Poster
Rep: Reputation: 0
My brother, thanks for your nice descriptions.
But I like C and asm programming,
and I try to learn everything related to C and asm programming under Linux and Windows.
But ... one of my friends wrote an article with the name: "Protection and bypassing the linux Kernel".
Is your purpose this: Linux with the new kernel and default protection is not exploitable!?
And I said to you: my user is a normal user when I run the exploit.
Why drop into shell!?
When the author ran the exploit as a normal user he dropped into a shell, and when he ran the "whoami" command after running the exploit the result in the terminal was root, and he is root.
But where is the problem, that when I run and execute the exploit it doesn't drop into a shell, and when I run the whoami command I am still a normal user ( (
Please help me.
 
Old 03-24-2007, 10:15 PM   #6
*Mafia*
LQ Newbie
 
Registered: Mar 2007
Posts: 12

Original Poster
Rep: Reputation: 0
excuse me....
this is a local root exploit for kernel 2.6
Linux Kernel 2.6.13 <= 2.6.17.4 prctl() Local Root Exploit (logrotate)


// removed possible exploit --crabboy

Last edited by crabboy; 03-25-2007 at 08:54 PM.
 
Old 03-24-2007, 10:20 PM   #7
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 344
It's very hard to understand you, as your English is very poor.

I think the problem is that you are assuming the kernel is the only obstacle to an exploit. As the link I pointed you to explains, Linux security in a modern system is composed of multiple layers of protection mechanisms.

You can certainly find a kernel exploit! But in order to actually make it effective, you must find an exploit in each layer of security and code hardening that allows that particular exploit to be effective.

As I said, there are no known exploits that can do that in a current system, with all security layers active.
 
Old 03-24-2007, 10:23 PM   #8
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 344
In response to your "exploit", the current kernel is 2.6.20, so your exploit is ineffective, even if only the kernel were involved. As I pointed out earlier, what you are describing is not an exploit, but a privilege escalation. It requires that an actual exploit be used first, in order to obtain access to the system.

If you're going to act like a hacker, at least learn the terminology.
 
Old 03-24-2007, 10:31 PM   #9
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 344
Let this be a lesson to you folks that don't keep current on your systems; we have 11-year-olds with no language skills that want to pwn your stuff!

I recommend the admin close this thread.
 
Old 03-24-2007, 10:40 PM   #10
*Mafia*
LQ Newbie
 
Registered: Mar 2007
Posts: 12

Original Poster
Rep: Reputation: 0
Wooooow.
I'm sorry, my dear brother.
Now ... I understand your purpose!

Nice description.
And excuse me for my poor English ... because I come from Iran;
and I promise you that I will learn English well.
Excuse me, really.

Last edited by *Mafia*; 03-24-2007 at 10:41 PM.
 
Old 03-24-2007, 11:50 PM   #11
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 556
Bizarre.. Strikes me that more than one soul is posting as *mafia* here, hence the grammatical inconsistencies.
 
Old 03-25-2007, 08:52 PM   #12
crabboy
Senior Member
 
Registered: Feb 2001
Location: Atlanta, GA
Distribution: Slackware
Posts: 1,821

Rep: Reputation: 121
LQ is not a place to share or learn how to use exploits.

Closing thread
 
  

