Stack execution prevention in BT3
07-20-2008, 01:23 PM
As BT3 is based around Slackware 12, I wonder if Slackware 12 has invoked a prevention from over-writing the EIP pointer, etc. Because in the past I've been trying to learn about these programming flaws, and I do manage to overwrite the register but I'm not able to execute to give me a shell. I've followed Aleph One's guide on doing this and "Programming Linux Hacker Tools Uncovered" by Ivan Sklyarov.
Basically my question really is: "Has anyone actually been successful in getting the desired results from guides like Aleph One's Smashing the Stack?"
07-28-2008, 09:49 PM
Yeah, what you want to do is analyze the stack through gdb.
Use the x/50x command. This will print out the stack at a given location for 50 bytes.
"x/50x &buffer" - prints 50 bytes from the start of 'buffer'
I've noticed that in Ubuntu and other operating systems, the local variables are not pushed on the stack in the correct order, so you will have to look and make sure you know where your buffer is actually located. Also you want to run "bt" in gdb to see what the return address should be. Try to locate this return address on the stack and make sure you are writing over it correctly.
One of the things that prevents buffer overflows is kernel randomization:
sysctl -w kernel.randomize_va_space=0 - run this in a shell
Also use the gdb flag '-fno-stack-protector', or else gdb will detect stack smashing and kill the program.
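Before concluding that an overflow exercise "does not work", it helps to check which of the mitigations the post mentions (ASLR via randomize_va_space, the stack protector, and an executable or non-executable stack) are actually active on the host and in the target binary. The script below is an added example and is not code from this thread; it assumes a Linux host with readelf from binutils, uses /bin/ls only as a placeholder target, and the readelf and symbol-table lines in its checks are constructed samples, not captured from any real system.

```sh
#!/bin/sh
# Added example (not from the thread): report which mitigations are in effect
# before debugging an overflow exercise. Assumes Linux with readelf (binutils);
# /bin/ls is only a placeholder target.

# Translate the kernel.randomize_va_space value (the post sets it to 0).
describe_aslr() {
    case "$1" in
        0) echo "ASLR disabled" ;;
        1) echo "ASLR partial: stack and mmap randomized, brk not" ;;
        2) echo "ASLR full: stack, mmap and brk randomized" ;;
        *) echo "ASLR unknown value: $1" ;;
    esac
}

# Given the text of `readelf -lW <binary>`, report whether the GNU_STACK
# program header asks the kernel for an executable stack (flags RWE).
# Prints "executable", "non-executable", or "absent" when the header is
# missing (historically treated as a request for an executable stack on x86).
stack_exec_from_readelf() {
    line=$(printf '%s\n' "$1" | grep 'GNU_STACK' || true)
    if [ -z "$line" ]; then
        echo "absent"
        return 0
    fi
    case "$line" in
        *RWE*) echo "executable" ;;
        *)     echo "non-executable" ;;
    esac
}

# Given the text of `readelf -sW <binary>`, report whether the binary
# references __stack_chk_fail, i.e. was built with gcc's stack protector
# (canaries). Building with -fno-stack-protector removes this reference.
stack_protector_from_symbols() {
    if printf '%s\n' "$1" | grep -q '__stack_chk_fail'; then
        echo "present"
    else
        echo "absent"
    fi
}

# Run the three checks against the live host and a binary of your choice.
check_host() {
    bin=${1:-/bin/ls}
    describe_aslr "$(cat /proc/sys/kernel/randomize_va_space)"
    printf 'GNU_STACK of %s: %s\n' "$bin" \
        "$(stack_exec_from_readelf "$(readelf -lW "$bin")")"
    printf 'stack protector in %s: %s\n' "$bin" \
        "$(stack_protector_from_symbols "$(readelf -sW "$bin")")"
}

# Only touch the live system when explicitly asked:
#   sh mitigations.sh --run [binary]
if [ "${1:-}" = "--run" ]; then
    check_host "${2:-}"
fi
```

Each check is a separate function that takes its input as a string, so the same logic can be run against saved readelf output from another machine or fed into a larger audit script. A non-executable stack or an active stack protector in the target, or randomize_va_space at 1 or 2, is the first thing to look at when a textbook example behaves differently from the guide.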
07-29-2008, 04:12 AM
I'll give it a go as soon as I get back from work!!! It did bug me though, because a lot of exploits are tested on old OSes like Red Hat 7.2, but much newer OSes are more aware of these problems now.
Thanks for getting back in touch with me.
08-06-2008, 05:51 PM
Thanks a lot, works a treat!!!! I knew that there were security features in Linux preventing buffer overflow exploits by randomizing the return address, etc. I think the only way to exploit these with stack prevention on is to use the libc function calls like system(), etc.
Just like to say a personal thank you! Now I can learn how things work "under the hood" :-D