Penetration Testing mailing list archives
Re: Buffer Overflow Experiment
From: "Rick Zhong" <sagiko () gmail com>
Date: Fri, 14 Sep 2007 17:34:26 +0800
Hi, Since you are using Fedora, have you disabled kernel.exec-shield ? the va randomize i.e. kernel.exec-shield-randomize is only one of the exec-shield features... So you may want to disable the whole exec-shiedl to test your code. regards, Rick On 9/13/07, Alcides <alcides.hercules () gmail com> wrote:
Hi List,
I was wondering if someone has already done this.
I'm testing a small program written in C, especially coded for testing
buffer overflow.
In source code, I have assigned char buffer[512]; I compile with gcc and
run on bash.
As soon as I pass "512" characters as argument("A"x512--being precise),
the program gives " Segmentation fault (core dumped )" -->as desired.
1] Using GDB debugger, it has been verified that the extended
instruction pointer EIP has been overwritten, as expected.
(EIP-->0x41414141)
2] But, on passing "513" chars. argument, the EIP becomes 0x0 -->WHY
3]On passing 520 chars. argument, EIP takes 'some' value and EBP
becomes 0x41414141
4]Thereafter, every increment by 1 --> in input characters causes EIP to
remain the same as that 'some' value and EBP to take various incremental
values.
every time, for several unit increments
[I am using: 2.6.21-1.3194.fc7 kernel, i686, Disabled VA randomization]
Any views that help me understand why EIP becomes 0, are welcome.
Thanks.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Buffer Overflow Experiment Alcides (Sep 13)
- Re: Buffer Overflow Experiment Amit Bagree (Sep 14)
- Re: Buffer Overflow Experiment Justin Ferguson (Sep 14)
- Re: Buffer Overflow Experiment Amit Bagree (Sep 25)
- Re: Buffer Overflow Experiment Justin Ferguson (Sep 14)
- Re: Buffer Overflow Experiment Rick Zhong (Sep 14)
- Re: Buffer Overflow Experiment Amit Bagree (Sep 14)