Vulnerability Development mailing list archives
Re: Buffer Overflow Help
From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Wed, 10 Nov 2004 14:48:03 +0100 (CET)
I am trying to learn how to write a basic stack buffer overflow on linux. The program that I am exploiting is:
Hey eip,

I'm not sure what's happening here: have you changed something in the environment between the two vulnerable program executions? 0xbffff5b4 is far different from 0xbfffe434... You should check the stack contents and compare them to find out the reason why $esp is changing. Check also that you don't have any stack-base randomization protection in place and stuff like that: I don't know if RH is doing something particular here and I don't have a new Linux box handy to test it on my own.

You may also want to take a look at the exploit examples here (especially abo1-ex2.c that uses the ret-into-envp technique):

http://www.0xdeadbeef.info/code/abo-exploits.tgz
http://www.0xdeadbeef.info/code/linux-x86-exploits.tgz

Hope this helps,

--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
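
Added example (not part of the original message or of the linked archives): a small C diagnostic for the comparison suggested above, reporting where the stack sits, how many bytes the environment occupies, and whether the kernel randomizes the stack base. The helper names and the `/proc/sys/kernel/randomize_va_space` path (present on current Linux kernels, possibly absent on the 2004 system discussed here) are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

extern char **environ;

/* Bytes taken by the environment strings, which sit above main()'s frame.
 * A different total between two runs moves every stack address below it. */
size_t env_bytes(char **envp)
{
    size_t total = 0;
    for (; envp != NULL && *envp != NULL; envp++)
        total += strlen(*envp) + 1;          /* +1 for the terminating NUL */
    return total;
}

/* Read one integer setting from a /proc file; -1 if missing or unreadable. */
int read_sysctl_int(const char *path)
{
    FILE *f = fopen(path, "r");
    int value = -1;

    if (f == NULL)
        return -1;
    if (fscanf(f, "%d", &value) != 1)
        value = -1;
    fclose(f);
    return value;
}

int main(int argc, char **argv)
{
    int local = argc;   /* any automatic variable marks the current stack */

    printf("stack local        : %p\n", (void *)&local);
    printf("argv[0]            : %p (%s)\n", (void *)argv[0], argv[0]);
    printf("environment bytes  : %zu\n", env_bytes(environ));
    /* Assumed path: 0 = off, 1 or 2 = stack base randomized per exec. */
    printf("randomize_va_space : %d\n",
           read_sysctl_int("/proc/sys/kernel/randomize_va_space"));
    return 0;
}
```

Run it twice the same way: addresses that differ while the environment byte count and argv[0] are unchanged indicate randomization, whereas addresses that move only when those values change point to an environment difference between the runs.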