Vulnerability Development mailing list archives
Re: "Moving" Stack: my poor return address!
From: Andrea Purificato - bunker <bunker () fastwebnet it>
Date: Wed, 2 Aug 2006 01:18:11 +0200
At 04:03, Tuesday 1 August 2006, Jack C wrote:
> I'm running on Fedora 5. Is this a security thing that's new in the past 2 years or so since I've coded one of these? Is there any way I can either (1) make the stack sit still so I can point into it or (2) find out where it is during execution?

Hi,
in the 2.6 kernel there is a new "feature" about pseudo stack randomization through virtual addresses in memory. Try to search on Google for "stack randomization" and similar and you get a lot of useful information.

There are different techniques to bypass this security feature, try to play with these:
http://rawlab.mindcreations.com/codes/exp/randstack/exp_call_rand.pl
http://rawlab.mindcreations.com/codes/exp/randstack/exp_jmp_rand.pl

Happy hacking!
--
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.
http://rawlab.mindcreations.com
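To confirm that the stack randomization described in the reply above is active on a host, the following added example (not part of the original post or of the linked scripts) reads the Linux `randomize_va_space` sysctl and reports the process's own `[stack]` mapping from `/proc/self/maps`. The function names and the sample maps line are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample line in /proc/<pid>/maps format (32-bit layout). */
static const char SAMPLE_STACK_LINE[] =
    "bf9a4000-bfa3a000 rw-p bf9a4000 00:00 0          [stack]";

/* Return 1 and fill lo/hi if the maps line describes the [stack] mapping. */
int parse_stack_line(const char *line, unsigned long *lo, unsigned long *hi)
{
    if (strstr(line, "[stack]") == NULL)
        return 0;
    return sscanf(line, "%lx-%lx", lo, hi) == 2;
}

/* Meaning of /proc/sys/kernel/randomize_va_space; NULL if unrecognized. */
const char *aslr_mode(int v)
{
    switch (v) {
    case 0:  return "disabled";
    case 1:  return "stack, mmap and vdso randomized";
    case 2:  return "stack, mmap, vdso and heap randomized";
    default: return NULL;
    }
}

/* Read the live setting; -1 if the file is missing or unreadable. */
int read_aslr_setting(void)
{
    int v = -1;
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (f && fscanf(f, "%d", &v) != 1) v = -1;
    if (f) fclose(f);
    return v;
}

int main(void)
{
    char line[512];
    unsigned long lo, hi;
    int v = read_aslr_setting();
    FILE *f = fopen("/proc/self/maps", "r");
    printf("randomize_va_space = %d (%s)\n", v, aslr_mode(v) ? aslr_mode(v) : "unknown");
    while (f && fgets(line, sizeof line, f))
        if (parse_stack_line(line, &lo, &hi))  /* range changes per run when enabled */
            printf("stack mapping: %lx-%lx\n", lo, hi);
    if (f) fclose(f);
    return 0;
}
```

Running the program several times and comparing the printed stack range shows whether the mitigation is in effect: with a non-zero setting the range differs between runs.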