Just out of curiosity, I tried out your code as presented (using
gcc/gdb/p4/gentoo)
phar_at_foster ~ $ uname -a
Linux foster 2.4.30-grsec-2.1.5 #8 Mon Aug 29 15:20:57 EDT 2005 i686
Intel(R) Celeron(R) CPU 2.40GHz GenuineIntel GNU/Linux
(gdb) disassemble main
Dump of assembler code for function main:
0x08048354 <main+0>: xor %eax,%eax
0x08048356 <main+2>: xor %ebx,%ebx
0x08048358 <main+4>: mov $0x1,%eax
0x0804835d <main+9>: int $0x80
0x0804835f <main+11>: leave
(gdb) run
Starting program: /home/phar/a.out
Program exited normally.
(gdb) break main
Breakpoint 1 at 0x8048354
(gdb) display /i $eip
(gdb) run
Starting program: /home/phar/a.out
Breakpoint 1, 0x08048354 in main ()
Breakpoint 1 at 0x8048354
1: x/i $eip 0x8048354 <main>: xor %eax,%eax
(gdb) stepi
0x08048356 in main ()
1: x/i $eip 0x8048356 <main+2>: xor %ebx,%ebx
(gdb)
0x08048358 in main ()
1: x/i $eip 0x8048358 <main+4>: mov $0x1,%eax
(gdb)
0x0804835d in main ()
1: x/i $eip 0x804835d <main+9>: int $0x80
(gdb)
Program exited normally.
-phar
----- Original Message -----
From: "Borja" <padre_at_correo.ugr.es>
To: <vuln-dev_at_securityfocus.com>
Sent: Sunday, February 19, 2006 7:56 PM
Subject: Re: shellcoding on gentoo
> Hi
>
> A lot of people tell me that I did not properly zero the EAX register, so 3 MSB of
> eax corrupt trapping the syscall, but it's OK.
> I successfully ran the shellcodes on a Debian box, but in Gentoo, always
> SEGFAULT.
>
> Here it is, a new log:
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------
>
> petalo shellcode # cat 1.asm
> BITS 32
>
> ;exit()
> xor eax,eax
> xor ebx,ebx
> mov eax,1
> int 0x80
>
> petalo shellcode # nasm -g -f elf 1.asm
> petalo shellcode # ld 1.o
> ld: warning: cannot find entry symbol _start; defaulting to
> 00000000080480a0
> petalo shellcode # ./a.out
> Segmentation fault
> petalo shellcode # gdb -q a.out
> Using host libthread_db library "/lib/libthread_db.so.1".
> (gdb) break 1
> Breakpoint 1 at 0x80480a0: file 1.asm, line 1.
> (gdb) r
> Starting program: /root/code/shellcode/a.out
>
> Program terminated with signal SIGSEGV, Segmentation fault.
> The program no longer exists.
> You can't do that without a process to debug.
> (gdb) q
>
> petalo shellcode #
> Linux petalo 2.6.12-gentoo-r6 #9 Sat Dec 24 14:37:56 CET 2005 i686 AMD
> Athlon(tm) XP 1600+ AuthenticAMD GNU/Linux
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------
>
>
> I can't explain why SIGFAULT.
> I did not edit any advanced kernel configurations other than snd card and
> ethernet.
>
> Thanks in advance.
>
Received on Feb 21 2006
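
A diagnostic that could be run on the `a.out` from the quoted log, as an added example that is not part of the original thread: it reads the ELF32 header and checks whether the entry point (which `ld` defaulted to 0x080480a0) falls inside a loadable segment marked executable. The function names and the sample image are constructed for illustration; the thread itself does not establish the cause of the segfault.

```python
import struct
import sys

PT_LOAD, PF_X = 1, 0x1  # values from the ELF specification

def parse_elf32(data):
    """Return (entry, [(vaddr, memsz, flags), ...]) for a little-endian ELF32 image."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 1 or data[5] != 1:
        raise ValueError("only 32-bit little-endian ELF is handled")
    # Elf32_Ehdr after e_ident: type, machine, version, entry, phoff, shoff,
    # flags, ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    (_, _, _, entry, phoff, _, _, _,
     phentsize, phnum, _, _, _) = struct.unpack_from("<HHIIIIIHHHHHH", data, 16)
    segments = []
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 32 > len(data):
            raise ValueError("program header table is truncated")
        # Elf32_Phdr: type, offset, vaddr, paddr, filesz, memsz, flags, align
        p_type, _, vaddr, _, _, memsz, flags, _ = struct.unpack_from("<8I", data, off)
        if p_type == PT_LOAD:
            segments.append((vaddr, memsz, flags))
    return entry, segments

def entry_is_executable(data):
    """True if the entry address lies inside a PT_LOAD segment with PF_X set."""
    entry, segments = parse_elf32(data)
    return any(v <= entry < v + m and f & PF_X for v, m, f in segments)

def build_sample(entry, vaddr, memsz, flags):
    """Constructed image: ELF32 header plus one PT_LOAD program header."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, entry, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", PT_LOAD, 0, vaddr, vaddr, memsz, memsz, flags, 0x1000)
    return ident + ehdr + phdr

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:   # e.g. the a.out produced by ld
            image = fh.read()
    else:                                     # constructed sample, R+X segment
        image = build_sample(0x080480A0, 0x08048000, 0xAB, 0x5)
    entry, segs = parse_elf32(image)
    print(f"entry point: 0x{entry:08x}")
    for v, m, f in segs:
        print(f"PT_LOAD 0x{v:08x}-0x{v + m:08x} flags=0x{f:x}")
    print("entry inside executable segment:", entry_is_executable(image))
```
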