Skip to content
/ Buffer-Overflow-Attack-Seedlab Public

Buffer overflow exploitation to get root access from other users

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Subangkar/Buffer-Overflow-Attack-Seedlab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 
compile.sh
compile.sh
 
 
debug.sh
debug.sh
 
 
demo.c
demo.c
 
 
exploit.py
exploit.py
 
 
run.sh
run.sh
 
 

Repository files navigation

Buffer Overflow Attack

This repo contains a C code to demonstrate exploitation of buffer overflow during unsafe copy operation.

OS Used:

  • SEEDLAB, Ubuntu 16.04 32-bit (Should work on any 32-bit or i386 architecture)

Demonstration:

  • Login as normal user(i.e. not as root)
  • First disable virtual address randomization
sudo sysctl -w kernel.randomize_va_space=0
  • Now debug demo.c with gdb to know the return address to exploit and its offset from buffer to exploit
debug.sh demo.c
  • You should be in gdb console now. Finding address and offset from gdb using following commands
b foo
run
p $ebp
p &buffer
p/d $1-$2
q

Note address of ebp from p $ebp and offset from buffer from p/d $1-$2

  • After quitting from gdb console modify ebp address, and offset updating following lines in exploit.py
ebp_offset = <offset_obtained_from_gdb>
addr_ebp = <address_of_ebp_obtained_from_gdb>
  • Finally run the attack using run.sh
run.sh
  • If everything is okay, a bash would be opened as root. Check using
whoami

Resources used:

  • shellcode and demo.c from SEEDLAB

About

Buffer overflow exploitation to get root access from other users

Topics

gdb buffer-overflow-attack buffer-overflow buffer-overflow-exploit seedlab buffer-overflow-vulnerability gdb-console

Resources

Readme
Activity

Stars

1 star

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages