First task: understanding buffer overflow.
My machine is 64-bit.
64-bit, what you need to know
For the purpose of this tutorial, you should be aware of the following points:
- General purpose registers have been expanded to 64-bit. So we now have RAX, RBX, RCX, RDX, RSI, and RDI.
- Instruction pointer, base pointer, and stack pointer have also been expanded to 64-bit as RIP, RBP, and RSP respectively.
- Additional registers have been provided: R8 to R15.
- Pointers are 8-bytes wide.
- Push/pop on the stack are 8-bytes wide.
- Maximum canonical address size of 0x00007FFFFFFFFFFF.
- Parameters to functions are passed through registers.
Tools used:
My lab requirements: http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Software/Buffer_Overflow/Buffer_Overflow.pdf
But honestly I think this is a pretty poor tutorial: the problems are set up well, but the procedure is too clumsy, so I found another one:
http://blog.techorganic.com/2015/04/10/64-bit-linux-stack-smashing-tutorial-part-1/
Summary:
First, boldly overflow past the return address; then use a pattern to check exactly which chunk overwrote RIP (look at $rsp); then overflow again, this time overwriting with the shellcode, and that's it. It sounds simple, but there is a lot of theory behind it, haha.
note:
Address Randomization: this gives Segmentation fault (core dumped); I think if you loop long enough you will eventually hit the right address.
Stack Guard: *** stack smashing detected ***: ./classic terminated; the process is killed outright.
Non-executable Stack: Segmentation fault (core dumped); this only makes it impossible to run shellcode on the stack.
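An added example (not from the SEED lab or the linked tutorial) of the defect class behind the summary above and its fix: the unbounded copy beside a bounded copy that rejects oversized input, plus a check of the canonical-address limit from the 64-bit list. BUF_SIZE and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define BUF_SIZE 24 /* hypothetical size of the stack buffer in the lab program */

/* "Before": the defect class the lab studies. strcpy() has no bound, so an
 * input longer than BUF_SIZE runs past buf into the saved RBP and the return
 * address (8 bytes each on 64-bit). Kept only for contrast; never called here
 * with oversized input. */
void vulnerable_copy(const char *input) {
    char buf[BUF_SIZE];
    strcpy(buf, input);
}

/* "After": bounded copy that rejects input which would not fit, including the
 * NUL terminator. Returns 0 on success, -1 if copying would overflow dst. */
int safe_copy(char *dst, size_t dst_size, const char *input) {
    size_t len = strlen(input);
    if (dst_size == 0 || len >= dst_size) {
        return -1; /* reject rather than truncate silently */
    }
    memcpy(dst, input, len + 1);
    return 0;
}

/* Same stack layout as vulnerable_copy, but guarded by safe_copy. */
int handle_input(const char *input) {
    char buf[BUF_SIZE];
    return safe_copy(buf, sizeof buf, input);
}

/* User-space canonical check from the 0x00007FFFFFFFFFFF limit above: a return
 * address overwritten with pattern bytes such as 0x4141414141414141 lies outside
 * this range, so ret faults before loading it, which is why the crash shows the
 * pattern at $rsp rather than in RIP. */
int is_canonical_user_address(uint64_t addr) {
    return addr <= 0x00007FFFFFFFFFFFULL;
}

int main(void) {
    char too_long[41]; /* constructed: 40 bytes, longer than BUF_SIZE */
    memset(too_long, 'A', 40);
    too_long[40] = '\0';
    printf("short: %d, too long: %d\n", handle_input("hello"), handle_input(too_long));
    printf("0x4141414141414141 canonical: %d\n",
           is_canonical_user_address(0x4141414141414141ULL));
    return 0;
}
```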