Penetration Testing mailing list archives
Re: Format String Vulnerabilities
From: "rajat swarup" <rajats () gmail com>
Date: Fri, 18 May 2007 17:40:19 -0400
On 5/18/07, Mike Gibson <micheal.gibson () gmail com> wrote:
I have a custom application that I am using to learn a little more about format string vulnerabilities. It is basically an echo server. I have been able to exploit the vulnerability and write data to memory on the server however the problem I am seeing is that I want to overwrite EIP but every time the application runs the stack seems to be at a different location. Does anyone know if Red Hat 9 has any form of stack protection? If so is there a way to disable it?
Red hat 9 randomizes stack addresses. You can disable it by using: echo "kernel.randomize_va_space = 0" >> /etc/sysctl.conf /sbin/sysctl -p /etc/sysctl.conf James foster's book says: "You can disable ExecShield with the command: sysctl -w kernel.exec-shield=0 or just the randomization with the command: sysctl -w kernel.exec-shield-randomize=0" Please let me know how it works out. HTH, Rajat Swarup http://rajatswarup.blogspot.com/ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Format String Vulnerabilities Mike Gibson (May 18)
- Re: Format String Vulnerabilities Pranay Kanwar (May 18)
- Re: Format String Vulnerabilities rajat swarup (May 18)
- <Possible follow-ups>
- Re: Format String Vulnerabilities andy . x . johnson (May 18)