This shows you the differences between two versions of the page.
| cns:labs:lab-02 [2021/10/18 15:27] ricardo.ungureanu [Tasks] | cns:labs:lab-02 [2022/10/17 19:18] (current) mihai.dumitru2201 [2. Shellcode] | | |
|---|---|---|---|
| Line 864: | Line 864: | ||
| - How do we actually use the data from this .o file? What symbols are exported? | - How do we actually use the data from this .o file? What symbols are exported? | ||
| * <code> | * <code> | ||
| - | $ readelf -s ./mycode.bin.o | + | $ nm ./mycode.bin.o |
| 0000000000000035 D _binary___mycode_bin_end | 0000000000000035 D _binary___mycode_bin_end | ||
| 0000000000000035 A _binary___mycode_bin_size | 0000000000000035 A _binary___mycode_bin_size | ||
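Review bot: The switch from ''readelf -s'' to ''nm'' on the changed line makes the command agree with the output that follows it: ''0000000000000035 D _binary___mycode_bin_end'' is ''nm'''s value/type/name layout, whereas ''readelf -s'' prints a numbered symbol table with separate Size, Type and Bind columns, so the old text could not have produced what students see. One sentence of explanation would still help here, because the ''A'' type on ''_binary___mycode_bin_size'' marks an absolute symbol: its "address" 0x35 is the payload length (53 bytes), not a location in the object file, while ''D'' on ''_binary___mycode_bin_end'' is an ordinary data-section symbol, and the two having the same value is a coincidence of the section starting at offset 0 rather than something to rely on.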
| Line 883: | Line 883: | ||
| - The stack is still executable, remove this flag! | - The stack is still executable, remove this flag! | ||
| * ''execstack -c ./my'' | * ''execstack -c ./my'' | ||
| + | |||
| + | <note> | ||
| + | If you're missing the ''execstack'' binary on the Kali VM (or on any Debian-based distribution), manually download and install it: | ||
| + | |||
| + | <code> | ||
| + | # curl -LO http://ftp.de.debian.org/debian/pool/main/p/prelink/execstack_0.0.20131005-1+b10_amd64.deb | ||
| + | # dpkg -i execstack_0.0.20131005-1+b10_amd64.deb | ||
| + | </code> | ||
| + | |||
| + | If installation freezes, cancel it then try again. | ||
| + | |||
| + | </note> | ||
| + | |||
| - Why does ''execstack -c ./*.o'' throw an error? | - Why does ''execstack -c ./*.o'' throw an error? | ||
| * ''execstack'' has to have information about the segments, information which is only available after the linking process | * ''execstack'' has to have information about the segments, information which is only available after the linking process | ||
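Review bot: The added ''<note>'' block fetches a .deb over plain HTTP and installs it with ''dpkg -i'', which verifies neither a signature nor a checksum, so whatever the mirror or anyone on the path serves gets installed as root. Suggest at least checking the file's SHA-256 against the value in the archive's signed Packages index before ''dpkg -i'', or downloading from a mirror that offers HTTPS (deb.debian.org does), and noting that the hard-coded ''+b10'' build revision in ''execstack_0.0.20131005-1+b10_amd64.deb'' will stop resolving once the pool is updated. The line ''If installation freezes, cancel it then try again'' also gives the reader nothing to act on; saying what "freezes" looks like and why a retry helps would turn it into usable guidance.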
| Line 1019: | Line 1032: | ||
| ==== 5. Memory Dump Analysis ==== | ==== 5. Memory Dump Analysis ==== | ||
| - | Using your newfound voodoo skills you are now able to tackle the following task. In the middle of two programs I added the following lines: | + | Let's consider the way programs run. |
| + | Consider the length of addresses for a given system and note that: | ||
| + | * there is a 3GB / 1GB user-mode / kernel-mode split for an i386 system | ||
| + | * that split is not the case for a 32bit program running on 64bits, it uses the entire 4GB of required virtual page | ||
| + | |||
| + | In the middle of two programs I added the following lines: | ||
| <code c> | <code c> | ||
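Review bot: In the new bullet list, ''the entire 4GB of required virtual page'' should read ''the entire 4 GB of virtual address space''; a page is a fixed-size unit, and the point is that a 32-bit process on a 64-bit kernel gets essentially the whole 32-bit range because the kernel mapping lives outside it. The ''3GB / 1GB'' figure in the first bullet is the default i386 split (''CONFIG_VMSPLIT_3G''), not a fixed property of the architecture, so adding ''by default'' keeps the claim accurate. The retained sentence ''In the middle of two programs I added the following lines:'' would read more clearly as ''In the middle of each of two programs I added the following lines:''.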