Re: Beating memory address randomization (security) features in Unix/Linux
- From: Andrea Purificato - bunker <bunker@xxxxxxxxxxxxx>
- Date: Mon, 3 Apr 2006 23:04:25 +0200
At 15:52, Saturday 25 March 2006, hd12787@xxxxxxxxx wrote:
> I've studied how to beat memory address randomization. Does anyone know how
> to beat memory address randomization in Unix/Linux?
Today I've studied the problem on my Linux box (2.6.15.6), and I've written
two case study samples along the lines of the "xgc" message:
[jmp *%esp technique]
http://rawlab.altervista.org/codes/exp/randstack/exp_jmp_rand.pl
[call *%edx technique]
http://rawlab.altervista.org/codes/exp/randstack/exp_call_rand.pl
This second case study was developed while trying to exploit the famous "abo3.c"
vulnerable program (see gera's advanced overflow contest).
I hope you like that!
--
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.
http://rawlab.altervista.org