Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

stack overflow help ..

From: gaurav saha <gauravsaha007 () yahoo com>
Date: Thu, 25 Jan 2007 15:27:11 -0800 (PST)
Hi, 
i am new to this stack overflow issue.

i am using fc3 (kernel 2.6.12-1.1381)

i have modified this few sysctl keys to these values.

kernel.overflowgid = 0
kernel.overflowuid = 0
fs.overflowgid = 0
fs.overflowuid = 0
kernel.randomize_va_space = 0


i am still unable to overwrite EIP

========= vuln1.c ===========
int main(int argc, char **argv)
{
        char buf[1024];
        strcpy(buf, argv[1]);
return 0;
}
====== end of vuln1.c =======

$gcc -ggdb vuln1.c -o v1
$gdb ./v1
.
.
.
.
(gdb) run `perl -e 'print "A"x1024'`
Starting program:
/home/gaurav/test/challenges/challenges/buf/v1 `perl
-e 'print "A"x1024'`
Reading symbols from shared object read from target
memory...(no debugging symbols found)...done.
Loaded system supplied DSO at 0xb5c000
(no debugging symbols found)...(no debugging symbols
found)...
Program exited with code 0120.
(gdb) run `perl -e 'print "A"x1028'`
warning: cannot close "shared object read from target
memory": File in wrong format
Starting program:
/home/gaurav/test/challenges/challenges/buf/v1 `perl
-e 'print "A"x1028'`
Reading symbols from shared object read from target
memory...(no debugging symbols found)...done.
Loaded system supplied DSO at 0x247000
(no debugging symbols found)...(no debugging symbols
found)...
Program exited with code 0100.
(gdb) run `perl -e 'print "A"x1036'`
warning: cannot close "shared object read from target
memory": File in wrong format
Starting program:
/home/gaurav/test/challenges/challenges/buf/v1 `perl
-e 'print "A"x1036'`
Reading symbols from shared object read from target
memory...(no debugging symbols found)...done.
Loaded system supplied DSO at 0x807000
(no debugging symbols found)...(no debugging symbols
found)...
Program received signal SIGSEGV, Segmentation fault.
0x00ac8e0d in __libc_start_main () from
/lib/tls/libc.so.6
(gdb) info reg
.
.
ebx            0xbdaff4 12431348
esp            0xbffff350       0xbffff350
ebp            0x41414141       0x41414141
esi            0xbffff3d4       -1073744940
edi            0xbffff360       -1073745056
eip            0xac8e0d 0xac8e0d
eflags         0x210286 2163334
.
.
(gdb) run `perl -e 'print "A"x1040'`
Program received signal SIGSEGV, Segmentation fault.
0x080483a2 in main ()
(gdb) i r
ebp            0x41414141       0x41414141
eip            0x80483a2        0x80483a2 
(gdb) run `perl -e 'print "A"x1044'`
Program received signal SIGSEGV, Segmentation fault.
0x080483a2 in main ()
(gdb) i r
ebp            0x41414141       0x41414141
eip            0x80483a2        0x80483a2 
(gdb) run `perl -e 'print "A"x1048'`
Program received signal SIGSEGV, Segmentation fault.
0x080483a2 in main ()
(gdb) i r
ebp            0x41414141       0x41414141
eip            0x80483a2        0x80483a2 
(gdb) run `perl -e 'print "A"x1052'`
Program received signal SIGSEGV, Segmentation fault.
0x080483a2 in main ()
(gdb) i r
ebp            0x41414141       0x41414141
eip            0x80483a2        0x80483a2 
(gdb) run `perl -e 'print "A"x1056'`
Program received signal SIGSEGV, Segmentation fault.
0x080483a2 in main ()
(gdb) i r
ebp            0x41414141       0x41414141
eip            0x80483a2        0x80483a2 

and this keeps continuing ... no matter how many i
increase ... 
and i can't figure out what problem it is ...

thanks and adieu 
----gaurav


 
____________________________________________________________________________________
Now that's room service!  Choose from over 150,000 hotels
in 45,000 destinations on Yahoo! Travel to find your fit.
http://farechase.yahoo.com/promo-generic-14795097
Previous By Date Next
Previous By Thread Next

Current thread: