
Thread: Stack execution prevention in BT3

  1. #1 Junior Member (joined May 2007, 82 posts)

    Stack execution prevention in BT3

    As BT3 is based around Slackware 12, I wonder if Slackware 12 has invoked a prevention from overwriting the EIP pointer? etc etc. Cause in the past I've been trying to learn about these programming flaws and I do manage to overwrite the register but am not able to execute to give me a shell. I've followed Aleph One's guide on doing this and "Programming Linux Hacker Tools Uncovered" by Ivan Sklyarov.

    Basically my question really is "Has anyone actually been successful in getting the desired results from guides like Aleph One's Smashing the Stack?"

  2. #2 Just burned his ISO (joined May 2008, 15 posts)

    yea, what you want to do is analyze the stack through gdb.
    use the x/50x command. This will print out the stack at a given location for 50 bytes
    "x/50x &buffer" - prints 50 bytes from the start of 'buffer'
    I've noticed that in Ubuntu and other operating systems, the local variables are not pushed on the stack in the correct order, so you will have to look and make sure you know where your buffer is actually located. Also you want to run "bt" in gdb to see what the return address should be. Try to locate this return address on the stack and make sure you are writing over it correctly.

    Some things that prevent you from buffer overflows are kernel randomization
    sysctl -w kernel.randomize_va_space=0 - run this in shell

    also use gdb flag '-fno-stack-protector' or else gdb will detect stack smashing and kill the program.

  3. #3 Junior Member (joined May 2007, 82 posts)

    I'll give it a go as soon as I get back from work!!! It did bug me though, cause a lot of exploits are tested on old OSes like Red Hat 7.2 but much newer OSes are more aware of these problems now.

    Thanks for getting back in touch with me

  4. #4 Junior Member (joined May 2007, 82 posts)

    Thanks a lot, works a treat!!!! I knew that there were security features in Linux for preventing buffer overflow exploits by randomizing the return address etc etc etc. I think the only way to exploit these with stack prevention on is to use the libc function calls like system() etc etc etc.

    Just like to say a personal thank you! Now I can learn how things work "under the hood" :-D

    Woop Woop
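The thread mentions two mitigations without showing how to check for them: whether the kernel has ASLR on (the randomize_va_space sysctl from post #2) and whether a binary asks the loader for a non-executable stack (the "stack prevention" post #4 refers to). The script below is an added example, not code from the thread or from BackTrack; it reads the ELF program headers directly (the PT_GNU_STACK entry and its PF_X bit, from the ELF specification) and interprets the randomize_va_space value. The file name stack_audit.py and the build_test_elf64 helper are assumptions; the helper constructs a minimal ELF image purely so the checker can be exercised offline.

```python
"""Audit the two mitigations discussed in this thread: does a binary request a
non-executable stack (PT_GNU_STACK without PF_X), and what does the kernel's
randomize_va_space setting mean. Added example, not code from the thread."""
import struct
import sys

PT_GNU_STACK = 0x6474E551  # p_type of the GNU stack-permissions program header
PF_X = 0x1                 # p_flags bit: the segment (here the stack) is executable


def gnu_stack_flags(elf_bytes):
    """Return p_flags of the PT_GNU_STACK header, or None if the binary has none.
    Handles ELF32 and ELF64 in either byte order by reading the header layout
    directly instead of shelling out to readelf."""
    if elf_bytes[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf_bytes[4] == 2                     # EI_CLASS: 1 = ELFCLASS32, 2 = ELFCLASS64
    endian = "<" if elf_bytes[5] == 1 else ">"   # EI_DATA: 1 = little endian, 2 = big endian
    if is64:
        (e_phoff,) = struct.unpack_from(endian + "Q", elf_bytes, 32)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", elf_bytes, 54)
        flags_offset = 4    # Elf64_Phdr: p_type, p_flags, p_offset, ...
    else:
        (e_phoff,) = struct.unpack_from(endian + "I", elf_bytes, 28)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", elf_bytes, 42)
        flags_offset = 24   # Elf32_Phdr: p_type, p_offset, ..., p_memsz, p_flags, p_align
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from(endian + "I", elf_bytes, base)
        if p_type == PT_GNU_STACK:
            (p_flags,) = struct.unpack_from(endian + "I", elf_bytes, base + flags_offset)
            return p_flags
    return None


def stack_is_executable(elf_bytes):
    """True if the binary requests an executable stack, False if it requests a
    non-executable one, None if the header is missing (the loader then applies
    its own default, which on older x86 kernels was an executable stack)."""
    flags = gnu_stack_flags(elf_bytes)
    return None if flags is None else bool(flags & PF_X)


ASLR_LEVELS = {
    0: "ASLR off: stack, mmap and brk are at fixed addresses",
    1: "ASLR on: stack, mmap base, vdso and shared libraries are randomized",
    2: "ASLR on: level 1 plus a randomized brk (heap) base",
}


def describe_aslr(setting_text):
    """Map the contents of /proc/sys/kernel/randomize_va_space to a description."""
    level = int(setting_text.strip())
    return ASLR_LEVELS.get(level, "unknown randomize_va_space value %d" % level)


def read_aslr(path="/proc/sys/kernel/randomize_va_space"):
    with open(path) as fh:
        return describe_aslr(fh.read())


def build_test_elf64(stack_flags, with_gnu_stack=True):
    """Constructed sample (assumption, not a real program): a 64-bit little-endian
    ELF image made of just an ELF header and, optionally, one PT_GNU_STACK program
    header. It cannot be executed; it exists so the checker can be tested offline."""
    ehdr = bytearray(64)
    ehdr[0:4] = b"\x7fELF"
    ehdr[4], ehdr[5], ehdr[6] = 2, 1, 1           # ELFCLASS64, ELFDATA2LSB, EV_CURRENT
    struct.pack_into("<HHI", ehdr, 16, 2, 62, 1)  # e_type ET_EXEC, e_machine EM_X86_64, e_version
    struct.pack_into("<Q", ehdr, 32, 64)          # e_phoff: program headers follow the ELF header
    phnum = 1 if with_gnu_stack else 0
    struct.pack_into("<HHH", ehdr, 52, 64, 56, phnum)  # e_ehsize, e_phentsize, e_phnum
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return bytes(ehdr) + (phdr if with_gnu_stack else b"")


if __name__ == "__main__":
    # Usage: python3 stack_audit.py /path/to/binary
    with open(sys.argv[1], "rb") as fh:
        verdict = stack_is_executable(fh.read())
    labels = {True: "yes", False: "no", None: "no PT_GNU_STACK header"}
    print("executable stack:", labels[verdict])
    print(read_aslr())
```

A binary built with an executable-stack request (or with no PT_GNU_STACK header at all) is the one case where the classic Aleph One shellcode-on-the-stack approach still has a chance; the checker reports that as "yes" or "no PT_GNU_STACK header" so it can be fixed at link time. Note that the sysctl in post #2 is system-wide and persists only until reboot, which is why reading the current value before experimenting is worth the two lines.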
