Havering about Stack Buffer Overflow Basic in x64

Posted by with No comments


Stack Buffer Overflow

       Before entering to content, I just want to say.... I am very happy, jubilant, and excited! Maybe with most of people this is very easy challenge, of course, it's basic challenge! However with me, a person, who have started for a short time, it is a big problem. OK! Come back to our Stack Buffer Overflow. The challenge I mentions to, this is ELF x64 - Stack buffer overflow - basic in root-me. I'll not analyzing deeper about this challenge because of forbiden, I just havering about Overflow!

Let's begin.

       Before solving it, I read some docs which root-me give as hint. This is EN - 64 Bits Linux Stack Based Buffer Overflow.pdf .
This is the first time I read a docs about 64-bits Stack! So wtf? Everything is nameless, strange with me! I do not know that "Do it know who I am?" , but I extractly that, I do not know what is it! First impression is RIP. :v I thought that it's kidding me, dafug, RIP, what is 'RIP'? Rest in Peace? maybe :D. But no, It is Instruction Pointer like EIP, however, in 64-bits every 'E' is 'R'. That the reason why I saw RIP, RSP,..

       Next to, it's size of memory address, there are a lot of different between 32-bits and 64-bits. In 64-bits user space just only use first 47-bits. If we pass parameters greater than 47-bits one, I'll raise exceptions.
This is original text: 

So memory addresses are 64 bits long,but user space only uses the first 47 bits; keep this in mind because if you specified an address greater than 0x00007fffffffffff, you'll raise an exception. So that means that 0x4141414141414141 will raise exception, but the address 0x0000414141414141 is safe.

       Saying maybe easy, in fact, I down-at-heel with them! :D I spend a evening to check, test, and to try anyways to do them. :downface:

    
      When I see the source code, I immediately think about address of 'CallMeMaybe' function! Right! I found its address, It's very simple!
And then I must put this address in somewhere, at which program can excute at sometimes. As we know, all program when begin, it's always push return address into stack :D, so that we can take advantage of it :p. That's easy, write a payload by any programing language you like and exploit! :D Ez.. I spent more than two days to read docs, try hard to solve it! :v Ez --> spent 2 days :v
07:56:00

0 nhận xét:

Đăng nhận xét

Đăng ký: Đăng Nhận xét (Atom)
Được tạo bởi Blogger.