Sunday, 19 July 2020

Bypassing NX with ASLR on Ubuntu

A quick example of a challenge I found online (and modified a little to practise bypassing ASLR with NX enabled). You'll find the details below. Here we go...

Today we'll start here:


Simple example but good enough to give it a try. My settings:
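Before reading the mitigation settings off a screenshot, it helps to have a reproducible way of checking them. The following is an added example (not code from the original post): it parses the ELF header and program headers of a binary and reports whether the stack is non-executable (NX, from the PT_GNU_STACK entry), whether the executable is position-independent (PIE, from e_type), and the system-wide ASLR level from /proc/sys/kernel/randomize_va_space. The `build_sample_elf` helper constructs a minimal, non-loadable ELF image purely so the parser can be exercised offline; the function and field names are this example's own.

```python
import struct
from typing import Dict, Optional

PT_GNU_STACK = 0x6474E551   # program header that carries the stack permissions
PF_X = 0x1                  # executable bit inside p_flags
ET_EXEC, ET_DYN = 2, 3      # fixed-address executable vs. position-independent (PIE)

# struct formats keyed by EI_CLASS (1 = ELF32, 2 = ELF64); field order is the same in both
_EHDR = {2: "<16sHHIQQQIHHHHHH", 1: "<16sHHIIIIIHHHHHH"}
_PHDR = {2: "<IIQQQQQQ", 1: "<IIIIIIII"}
_PFLAGS_INDEX = {2: 1, 1: 6}   # p_flags sits at a different position in ELF32 vs ELF64


def elf_mitigations(data: bytes) -> Dict[str, object]:
    """Parse raw ELF bytes and report word size, NX (from PT_GNU_STACK) and PIE (from e_type)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class = data[4]
    if ei_class not in _EHDR:
        raise ValueError("unknown EI_CLASS %d" % ei_class)
    ehdr = struct.unpack_from(_EHDR[ei_class], data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = ehdr[1], ehdr[5], ehdr[9], ehdr[10]

    stack_flags: Optional[int] = None
    for i in range(e_phnum):
        phdr = struct.unpack_from(_PHDR[ei_class], data, e_phoff + i * e_phentsize)
        if phdr[0] == PT_GNU_STACK:
            stack_flags = phdr[_PFLAGS_INDEX[ei_class]]
            break

    # A missing PT_GNU_STACK entry is treated as an executable stack on x86 Linux,
    # so NX is only reported when the entry exists and lacks the X bit.
    nx = stack_flags is not None and not (stack_flags & PF_X)
    return {
        "bits": 64 if ei_class == 2 else 32,
        "nx": nx,
        "pie": e_type == ET_DYN,
        "has_gnu_stack": stack_flags is not None,
    }


def system_aslr_level() -> Optional[int]:
    """Return randomize_va_space (0 = off, 1 = partial, 2 = full); None when not on Linux."""
    try:
        with open("/proc/sys/kernel/randomize_va_space") as fh:
            return int(fh.read().strip())
    except OSError:
        return None


def expected_guesses(random_bits: int) -> int:
    """With n bits of randomisation a fixed guess succeeds with probability 2**-n per run,
    so on average 2**n runs are needed; this is why low-entropy layouts are worth checking."""
    return 1 << random_bits


def build_sample_elf(bits: int, pie: bool, nx: bool) -> bytes:
    """Constructed test image: ELF header plus a single PT_GNU_STACK entry (not loadable)."""
    ei_class = 2 if bits == 64 else 1
    ehdr_size = struct.calcsize(_EHDR[ei_class])
    phdr_size = struct.calcsize(_PHDR[ei_class])
    e_ident = b"\x7fELF" + bytes([ei_class, 1, 1]) + bytes(9)   # class, little-endian, version
    e_type = ET_DYN if pie else ET_EXEC
    machine = 62 if bits == 64 else 3                            # EM_X86_64 / EM_386
    ehdr = struct.pack(_EHDR[ei_class], e_ident, e_type, machine, 1, 0,
                       ehdr_size, 0, 0, ehdr_size, phdr_size, 1, 0, 0, 0)
    flags = 0x6 if nx else 0x7                                   # RW vs RWX stack
    if ei_class == 2:
        phdr = struct.pack(_PHDR[2], PT_GNU_STACK, flags, 0, 0, 0, 0, 0, 16)
    else:
        phdr = struct.pack(_PHDR[1], PT_GNU_STACK, 0, 0, 0, 0, 0, flags, 16)
    return ehdr + phdr


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(elf_mitigations(fh.read()))
    print("randomize_va_space:", system_aslr_level())
```

Run it as `python3 check.py ./target` on the challenge binary; a 32-bit, non-PIE result with NX set and randomize_va_space at 2 is the combination the rest of this post is about, and the small `expected_guesses` figure for a 32-bit mmap layout is the reason a retry loop is a realistic threat that PIE and 64-bit builds are meant to remove.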


More:


Starting the program (with b *main to get vmmap for libc):


Collecting the details needed to build the chain (libc -> system() + exit() + "/bin/sh"):


Calculations:


Preparing a skeleton poc:


So at this stage I decided to prepare a pattern (using gdb-peda and the pattern create command, but feel free to use GEF instead):


Restarting and we should be somewhere here:


Modifying our skeleton poc:


And as one way to bypass ASLR we'll use a simple loop :) like this:


After a while - we should be here:


Looks like it's done :)



Special thanks goes to my Patreon: Daniel.
You are AWESOME! ;)

See you next time!


Cheers
