Linux Buffer Overflow x86 with GDB
Hey hackers,
Today, I am writing a blog post about how to exploit a basic stack overflow.
Let's get started.
Tools required
Exploit
Let's assume that we are doing a pentest or a CTF and have gained access to the target machine. Then we find a binary that we want to use for privilege escalation (PrivEsc), as it is less noisy than some of the kernel exploits.
Run gdb and disassemble main.
Set a breakpoint on 'strcpy' and run the binary. Then analyse the input passed to the strcpy function.
Now, pass input to the binary using pattern create.
We get a segfault now.
Let's look for the pattern 'wA%Z'. It is found at offset 390.
Now, we have to find where the crash starts.
We see that it starts at 0xffffd160 + 0x06 = 0xffffd166.
Now, we need to find the same location for the binary running outside gdb, because the stack addresses shift when the binary is loaded in gdb.
This is easy to do with a core dump, so we need to get a core dump.
# Only binaries without the SUID bit generate a core dump, so we need to work on a copy of the binary and raise the core dump size limit with ulimit.
Here, the Python script exploit.py/shellcode.py just prints 390 A's and 4 B's.
Let's put the shellcode at 0xffffd210.
For the shellcode, use the one given below:
`\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd\x80` -> execve("/bin/sh")
Run the exploit:
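The strcpy call the post sets its breakpoint on is the root cause of the whole chain. As an added example (not code from the original post or the target binary), here is that vulnerable pattern next to a bounded replacement; BUF_SIZE, vuln_copy, safe_copy and input_fits are constructed names, since the post does not show the target's source.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed size: the post never states the target's real buffer size. */
#define BUF_SIZE 256

/* The bug the post breaks on: strcpy copies up to the NUL with no bound, so an
 * argument longer than BUF_SIZE runs past buf into the saved EBP and EIP. */
void vuln_copy(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);            /* unbounded copy: the stack overflow */
    printf("%s\n", buf);
}

/* Hardened replacement: bounded copy, always NUL-terminated, and the caller is
 * told about rejection. Returns 0 on success, -1 if src + NUL exceeds dstsz. */
int safe_copy(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0 || n >= dstsz) {
        if (dstsz) dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);       /* n + 1 includes the terminator */
    return 0;
}

/* Builds a run of 'A's of the given length (like the post's 390 A's) and
 * reports whether safe_copy accepts it into a BUF_SIZE buffer. */
int input_fits(size_t len)
{
    char dst[BUF_SIZE];
    char *src = malloc(len + 1);
    if (!src) return 0;
    memset(src, 'A', len);
    src[len] = '\0';
    int rc = safe_copy(dst, sizeof dst, src);
    free(src);
    return rc == 0;
}

int main(int argc, char **argv)
{
    char dst[BUF_SIZE];
    if (argc < 2 || safe_copy(dst, sizeof dst, argv[1]) != 0) return 1;
    printf("%s\n", dst);
    return 0;
}
```

The walkthrough above also depends on the stack being executable and sitting at a predictable address. Building with gcc's -fstack-protector-strong and leaving NX and ASLR (kernel.randomize_va_space=2) enabled breaks each of those assumptions even where a strcpy remains.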
Please give a clap if you found it to be useful and follow me to get more hacking knowledge.