Linux buffer overflow
FUZZING
Crossfire
Version 1.9.0 has a buffer overflow vulnerability when accepting inbound socket connections
Debugging tool
edb
Platform
Kali i486 virtual machine
root@kali:~# cd /usr/games/
root@kali:/usr/games# ls
crossfire
root@kali:/usr/games# rm -rf crossfire
root@kali:~# mv crossfire.tar.gz /usr/games/
root@kali:~# cd /usr/games/
root@kali:/usr/games# ls
crossfire.tar.gz
root@kali:/usr/games# tar zxpf crossfire.tar.gz
root@kali:/usr/games# ls
crossfire crossfire.tar.gz
root@kali:/usr/games# ls -l
total 4860
drwxr-xr-x 8 root root 4096 Feb 10 2010 crossfire
-rwxrwx--- 1 root root 4968636 Aug 31 09:12 crossfire.tar.gz
root@kali:/usr/games# cd crossfire/
root@kali:/usr/games/crossfire# ls
bin etc lib man share var
root@kali:/usr/games/crossfire# cd bin/
root@kali:/usr/games/crossfire/bin# ls
crossedit crossfire-config crossloop-pl player_dl.pl
crossfire crossloop crossloop.web
root@kali:/usr/games/crossfire/bin# ./crossfire
Unable to open /var/log/crossfire/logfile as the logfile - will use stderr instead
Couldn't find archetype horn_waves
Warning: failed to find arch horn_waves
Couldn't find treasurelist sarcophagus
Failed to link treasure to arch (sarcophagus_container): sarcophagus
Welcome to CrossFire. v1.9.0
Copyright (C) 1994 Mark Wedel
Copyright (C) 1992 Frank Tore Johansen.
----------registering SIGPIPE
Initializing plugins
Plugins directory is /usr/games/crossfire/lib/crossfire/plugins/
-> Loading plugin : cfpython.so
Error trying to load /usr/games/crossfire/lib/crossfire/plugins/cfpython.so: libpython2.5.so.1.0: cannot open shared object file: No such file or directory
-> Loading plugin : cfpython.so
CFAnim 2.0a init
CFAnim 2.0a post init
Waiting for connections...
Reverse engineering ----> edb-debugger
ollydbg
FUZZING
Local debugging
iptables -A INPUT -p tcp --destination-port 4444 \! -d 127.0.0.1 -j DROP
iptables -A INPUT -p tcp --destination-port 13327 \! -d 127.0.0.1 -j DROP
root@kali:/usr/games/crossfire/bin# iptables -A INPUT -p tcp --destination-port 4444 \! -d 127.0.0.1 -j DROP
root@kali:/usr/games/crossfire/bin# iptables -A INPUT -p tcp --destination-port 13327 \! -d 127.0.0.1 -j DROP
root@kali:/usr/games/crossfire/bin# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere !localhost tcp dpt:4444
DROP tcp -- anywhere !localhost tcp dpt:13327
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source
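
A check for the two loopback-only rules above, as an added example that is not part of the original notes: it parses rule text in `iptables -S INPUT` format and confirms that ports 4444 and 13327 are dropped for any destination other than 127.0.0.1. The function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): verify that the lab's
# loopback-only DROP rules are present. Input is text in `iptables -S INPUT`
# format. It checks presence only, not ordering against earlier ACCEPT rules.

# port_contained PORT RULES: succeed if some INPUT rule drops TCP traffic to
# PORT for every destination other than 127.0.0.1.
port_contained() {
    printf '%s\n' "$2" | awk -v port="$1" '
        /^-A INPUT / && /-p tcp / && /-j DROP( |$)/ {
            negdst = ($0 ~ /! -d 127\.0\.0\.1(\/32)?( |$)/)  # the "!" matters
            dport  = ($0 ~ ("--dport " port "( |$)"))        # exact port only
            if (negdst && dport) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# check_lab_rules RULES: both ports from the notes (4444 and 13327) must pass.
check_lab_rules() {
    status=0
    for p in 4444 13327; do
        if port_contained "$p" "$1"; then
            echo "tcp/$p: dropped unless destined to 127.0.0.1"
        else
            echo "tcp/$p: NOT contained"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample rulesets (not captured from a real host).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT ! -d 127.0.0.1/32 -p tcp -m tcp --dport 4444 -j DROP
-A INPUT ! -d 127.0.0.1/32 -p tcp -m tcp --dport 13327 -j DROP'
# Mistakes: "!" forgotten on 4444 (drops loopback instead), 13327 rule missing.
BAD_RULES='-P INPUT ACCEPT
-A INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 4444 -j DROP'

check_lab_rules "$SAMPLE_RULES" || true
check_lab_rules "$BAD_RULES" || true
# On the lab VM: check_lab_rules "$(iptables -S INPUT)"
```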