Vulnerability Development: Re: Beating memory address randomization (security) features in Unix/Linux


From: Andrea Purificato - bunker <bunker_at_fastwebnet.it>
Date: Mon, 3 Apr 2006 23:04:25 +0200

At 15:52 on Saturday 25 March 2006, hd12787_at_yahoo.com wrote:
> I've studied how to beat memory address randomization. Does anyone know how
> to beat memory address randomization in Unix/Linux?

Today I've studied the problem on my Linux box (2.6.15.6), and I've written
two case study samples along the lines of the "xgc" message:

[jmp *%esp technique]
http://rawlab.altervista.org/codes/exp/randstack/exp_jmp_rand.pl

[call *%edx technique]
http://rawlab.altervista.org/codes/exp/randstack/exp_call_rand.pl

This second case study was developed while trying to exploit the famous "abo3.c"
vulnerable program (see gera's advanced overflow contest).

I hope you like that!

-- 
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.
http://rawlab.altervista.org 
Received on Apr 03 2006