03-24-2007, 09:20 PM
|
#1
|
LQ Newbie
Registered: Mar 2007
Posts: 12
Rep:
|
Problem in writing exploit code under Linux!
Hi.
Just for educational purposes, and to protect Linux against buffer overflow attacks, I'm learning exploitation.
I read an article: how to write an exploit for a simple buffer overflow.
Very simple!
I learned everything in the article.
But when I write an exploit for this BOF, or copy the exploit from the article, I compile it and then run the exploit.
In the article the normal user ($) becomes root (#), but when I run the exploit the ($) does not drop into a shell (#).
Where is the problem?
In the article it doesn't have any problem.
I am running this simple buffer overflow exploit under Linux Fedora Core 4.
One of my friends told me: your version of the kernel is 2.4 and this is protected from BOF! But with a good try this can be bypassed.
Please help me.
I don't know what the problem is?!?
|
|
|
03-24-2007, 09:23 PM
|
#2
|
Senior Member
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
|
Buffer overflows are not exploitable under Linux, on a current system. Even for "educational" reasons.
|
|
|
03-24-2007, 09:35 PM
|
#3
|
LQ Newbie
Registered: Mar 2007
Posts: 12
Original Poster
Rep:
|
Thanks, my brother, for your answer.
But I don't understand your purpose.
If Linux BOFs are not exploitable, there are still many exploits for Linux that work even on Linux kernel 2.6 (local root).
Please tell me your purpose... thanks.
Maybe in new your purpose is right...
|
|
|
03-24-2007, 09:50 PM
|
#4
|
Senior Member
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
|
If you are running something on root, it is not an exploit. The root user has unlimited (except for SELinux mandatory access controls...) control of the system.
An "exploit" takes place from outside the machine (via a network interface). If you are able to obtain root authority via a local login of a non-root user, that is a privilege escalation.
All such known methods are no longer functional in a current system with all security layers active (Fedora Core, for example).
You can certainly find old, unmaintained systems, or systems with security layers disabled. But what's the point? They have access to the resolution once an exploit is detected. The source is open, so it's not exactly a challenge (you'll get more recognition by properly reporting the bug). Buffer overflows are a 1990's problem.
In short, what are your motivations? They're certainly not educational, or you would be concentrating on learning the technologies that prevent exploits on Linux.
Last edited by macemoneta; 03-24-2007 at 09:52 PM.
|
|
|
03-24-2007, 10:05 PM
|
#5
|
LQ Newbie
Registered: Mar 2007
Posts: 12
Original Poster
Rep:
|
My brother, thanks for your nice descriptions.
But I like C and asm programming,
and I try to learn everything related to C and asm programming under Linux and Windows.
But... one of my friends wrote an article with the name: "Protection and bypassing the linux Kernel".
Is your purpose this: Linux with the new kernel and default protection is not exploitable!?!?
And I said to you: my user is a normal user when I run the exploit.
Why drop into shell!?
When the author runs the exploit as a normal user he drops into a shell, and when he runs the "whoami" command after running the exploit, the result in the terminal is root, and he is root.
But where is the problem, that when I run and execute the exploit it doesn't drop into a shell, and when I run the whoami command I am still a normal user ( (
Please help me.
|
|
|
03-24-2007, 10:15 PM
|
#6
|
LQ Newbie
Registered: Mar 2007
Posts: 12
Original Poster
Rep:
|
Excuse me....
This is a local root exploit for kernel 2.6:
Linux Kernel 2.6.13 <= 2.6.17.4 prctl() Local Root Exploit (logrotate)
// removed possible exploit --crabboy
Last edited by crabboy; 03-25-2007 at 08:54 PM.
|
|
|
03-24-2007, 10:20 PM
|
#7
|
Senior Member
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
|
It's very hard to understand you, as your English is very poor.
I think the problem is that you are assuming the kernel is the only obstacle to an exploit. As the link I pointed you to explains, Linux security in a modern system is composed of multiple layers of protection mechanisms.
You can certainly find a kernel exploit! But in order to actually make it effective, you must find an exploit in each layer of security and code hardening that allows that particular exploit to be effective.
As I said, there are no known exploits that can do that in a current system, with all security layers active.
|
|
|
03-24-2007, 10:23 PM
|
#8
|
Senior Member
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
|
In response to your "exploit", the current kernel is 2.6.20, so your exploit is ineffective, even if only the kernel were involved. As I pointed out earlier, what you are describing is not an exploit, but a privilege escalation. It requires that an actual exploit be used first, in order to obtain access to the system.
If you're going to act like a hacker, at least learn the terminology.
|
|
|
03-24-2007, 10:31 PM
|
#9
|
Senior Member
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
|
Let this be a lesson to you folks that don't keep current on your systems; we have 11-year-olds with no language skills that want to pwn your stuff!
I recommend the admin close this thread.
|
|
|
03-24-2007, 10:40 PM
|
#10
|
LQ Newbie
Registered: Mar 2007
Posts: 12
Original Poster
Rep:
|
Wooooow.
I'm sorry, my dear brother.
Now... I understand your purpose!
Nice description.
And excuse me for my poor English... because I come from Iran;
and I promise you that I will learn English well.
Excuse me, really.
Last edited by *Mafia*; 03-24-2007 at 10:41 PM.
|
|
|
03-24-2007, 11:50 PM
|
#11
|
LQ Guru
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594
|
Bizarre.. Strikes me that more than one soul is posting as *mafia* here, hence the grammatical inconsistencies.
|
|
|
03-25-2007, 08:52 PM
|
#12
|
Senior Member
Registered: Feb 2001
Location: Atlanta, GA
Distribution: Slackware
Posts: 1,821
Rep:
|
LQ is not a place to share or learn how to use exploits.
Closing thread
|
|
|
All times are GMT -5.