en:it-security:blog:buffer_overflow_x64

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Last revisionBoth sides next revision
en:it-security:blog:buffer_overflow_x64 [2024/03/07 20:03] psycoreen:it-security:blog:buffer_overflow_x64 [2024/04/14 12:45] psycore
Line 2: Line 2:
  
 ====== Buffer overflow in the 64-bit stack - part 1 ====== ====== Buffer overflow in the 64-bit stack - part 1 ======
- 
-{{:it-security:blog:bof-64-1.jpg|}} 
- 
-<callout type="danger" icon="glyphicon glyphicon-alert" title="Attention!"> 
-The techniques and methods in this article are for learning purposes only! 
-</callout> 
  
 In this tutorial, we will create a buffer overflow on the 64-bit stack to gain root privileges. erlangen.((https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/64-bit-stack-based-buffer-overflow)) In this tutorial, we will create a buffer overflow on the 64-bit stack to gain root privileges. erlangen.((https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/64-bit-stack-based-buffer-overflow))
  
 Technical details on buffer overflows, stack etc. can be found at hier((https://medium.com/@buff3r/basic-buffer-overflow-on-64-bit-architecture-3fb74bab3558)) Technical details on buffer overflows, stack etc. can be found at hier((https://medium.com/@buff3r/basic-buffer-overflow-on-64-bit-architecture-3fb74bab3558))
-\\ 
-\\ 
-<mermaid> 
-classDiagram 
-    note for Buffer "Overwrite Buffer" 
-    note for RBP "Overwrite RBP" 
-    note for RIP "place return address" 
-    Buffer --> RBP 
-    RBP --> RIP 
-    RIP --> 0x00007FFFFFFFC19F 
-    Buffer: AAAAAAAAAAAA 
-    RBP: BBBBBBBBBBBBBB 
-    RIP: 0x00007FFFFFFFFFC19F 
-    class 0x00007FFFFFFFC19F{ 
-      Shellcode() 
-      root shell 
-    } 
-</mermaid> 
 \\ \\
 \\ \\
 ===== Dependencies ===== ===== Dependencies =====
 +
 +{{page>en:vorlagen:attention}}
  
 What is needed? What is needed?
Line 62: Line 40:
 \\ \\
 ==== Programme ==== ==== Programme ====
 +
 +{{:it-security:blog:bof-64-1.jpg|}}
  
 <code c> <code c>
Line 94: Line 74:
 \\ \\
 ===== RIP Register ===== ===== RIP Register =====
 +
 +<mermaid>
 +classDiagram
 +    note for Buffer "Overwrite Buffer"
 +    note for RBP "Overwrite RBP"
 +    note for RIP "place return address"
 +    Buffer --> RBP
 +    RBP --> RIP
 +    RIP --> 0x00007FFFFFFFC19F
 +    Buffer: AAAAAAAAAAAA
 +    RBP: BBBBBBBBBBBBBB
 +    RIP: 0x00007FFFFFFFFFC19F
 +    class 0x00007FFFFFFFC19F{
 +      Shellcode()
 +      root shell
 +    }
 +</mermaid>
  
 Of interest to us is the register ''RIP''. This contains a return address that points to another area in the code. We overwrite this return address with the buffer overflow. But first we have to find out how we can do this. Of interest to us is the register ''RIP''. This contains a return address that points to another area in the code. We overwrite this return address with the buffer overflow. But first we have to find out how we can do this.
Line 227: Line 224:
 ^ Size | 5.76 KB | ^ Size | 5.76 KB |
 ^ Prüfsumme (SHA256) | 191e6f1811018970776e3bf035ff460033a47da62335fe5c9475a460b02a10d3 | ^ Prüfsumme (SHA256) | 191e6f1811018970776e3bf035ff460033a47da62335fe5c9475a460b02a10d3 |
 +
 +~~DISCUSSION~~
  • en/it-security/blog/buffer_overflow_x64.txt
  • Last modified: 2024/04/14 12:46
  • by psycore