Vulnerability Development mailing list archives
Re: Beating memory address randomization (security) features in Unix/Linux
From: Andrea Purificato - bunker <bunker () fastwebnet it>
Date: Mon, 3 Apr 2006 23:04:25 +0200
At 15:52 on Saturday 25 March 2006, hd12787 () yahoo com wrote:
> I've studied how to beat memory address randomization. Does anyone know how to beat memory address randomization in Unix/Linux?

Today I've studied the problem on my Linux box (2.6.15.6), and I've written two case study samples along the lines of the "xgc" message:

[jmp *%esp technique]
http://rawlab.altervista.org/codes/exp/randstack/exp_jmp_rand.pl

[call *%edx technique]
http://rawlab.altervista.org/codes/exp/randstack/exp_call_rand.pl

This second case study was developed trying to exploit the famous "abo3.c" vulnerable program (see gera advanced overflow contest).

I hope you like that!

--
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.
http://rawlab.altervista.org