Differences
This shows you the differences between two versions of the page.
en:it-security:blog:buffer_overflow_x64 [2024/03/07 20:03] – psycore | en:it-security:blog:buffer_overflow_x64 [2024/04/14 12:45] – psycore | ||
---|---|---|---|
Line 2: | Line 2: | ||
====== Buffer overflow in the 64-bit stack - part 1 ====== | ====== Buffer overflow in the 64-bit stack - part 1 ====== | ||
- | |||
- | {{: | ||
- | |||
- | <callout type=" | ||
- | The techniques and methods in this article are for learning purposes only! | ||
- | </ | ||
In this tutorial, we will create a buffer overflow on the 64-bit stack to gain root privileges. erlangen.((https:// | In this tutorial, we will create a buffer overflow on the 64-bit stack to gain root privileges. erlangen.((https:// | ||
Technical details on buffer overflows, stack etc. can be found at hier((https:// | Technical details on buffer overflows, stack etc. can be found at hier((https:// | ||
- | \\ | ||
- | \\ | ||
- | < | ||
- | classDiagram | ||
- | note for Buffer " | ||
- | note for RBP " | ||
- | note for RIP "place return address" | ||
- | Buffer --> RBP | ||
- | RBP --> RIP | ||
- | RIP --> 0x00007FFFFFFFC19F | ||
- | Buffer: AAAAAAAAAAAA | ||
- | RBP: BBBBBBBBBBBBBB | ||
- | RIP: 0x00007FFFFFFFFFC19F | ||
- | class 0x00007FFFFFFFC19F{ | ||
- | Shellcode() | ||
- | root shell | ||
- | } | ||
- | </ | ||
\\ | \\ | ||
\\ | \\ | ||
===== Dependencies ===== | ===== Dependencies ===== | ||
+ | |||
+ | {{page> | ||
What is needed? | What is needed? | ||
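Review bot: The intro context lines of this hunk still carry untranslated leftovers on the English page: "to gain root privileges. erlangen." and "can be found at hier". Suggest dropping "erlangen." and replacing "hier" with "here" in this revision. Separately, the "for learning purposes only" callout is removed from the top of the article; if the new {{page> include is meant to replace it, note that it now sits under the Dependencies heading rather than ahead of the introduction.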
Line 62: | Line 40: | ||
\\ | \\ | ||
==== Programme ==== | ==== Programme ==== | ||
+ | |||
+ | {{: | ||
<code c> | <code c> | ||
Line 94: | Line 74: | ||
\\ | \\ | ||
===== RIP Register ===== | ===== RIP Register ===== | ||
+ | |||
+ | < | ||
+ | classDiagram | ||
+ | note for Buffer " | ||
+ | note for RBP " | ||
+ | note for RIP "place return address" | ||
+ | Buffer --> RBP | ||
+ | RBP --> RIP | ||
+ | RIP --> 0x00007FFFFFFFC19F | ||
+ | Buffer: AAAAAAAAAAAA | ||
+ | RBP: BBBBBBBBBBBBBB | ||
+ | RIP: 0x00007FFFFFFFFFC19F | ||
+ | class 0x00007FFFFFFFC19F{ | ||
+ | Shellcode() | ||
+ | root shell | ||
+ | } | ||
+ | </ | ||
Of interest to us is the register '' | Of interest to us is the register '' | ||
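Review bot: The diagram is moved verbatim, so the inconsistent address comes with it: the "RIP:" member line reads 0x00007FFFFFFFFFC19F, which has more than 16 hex digits and so cannot be a 64-bit return address, while the arrow target and the class name both use 0x00007FFFFFFFC19F. Suggest correcting the "RIP:" line to match the other two while the block is being touched.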
Line 227: | Line 224: | ||
^ Size | 5.76 KB | | ^ Size | 5.76 KB | | ||
^ Prüfsumme (SHA256) | 191e6f1811018970776e3bf035ff460033a47da62335fe5c9475a460b02a10d3 | | ^ Prüfsumme (SHA256) | 191e6f1811018970776e3bf035ff460033a47da62335fe5c9475a460b02a10d3 | | ||
+ | |||
+ | ~~DISCUSSION~~ |
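Review bot: In the file-info table just above the added ~~DISCUSSION~~ line, the checksum row is still labelled "Prüfsumme (SHA256)" while the neighbouring row is "Size" and the page lives under en:. Suggest "Checksum (SHA256)" so the table is consistently English.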