Differences

This shows you the differences between two versions of the page.

--- en:it-security:blog:buffer_overflow_x64 [2024/03/07 20:03] – psycore
+++ en:it-security:blog:buffer_overflow_x64 [2024/04/14 12:46] (current) – psycore
@@ Line 3: / Line 3: @@
 ====== Buffer overflow in the 64-bit stack - part 1 ======
-{{:it-security:blog:bof-64-1.jpg|}}
+In this tutorial, we will create a buffer overflow on the 64-bit stack to gain root privileges.((https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/64-bit-stack-based-buffer-overflow))
-<callout type="danger" icon="glyphicon glyphicon-alert" title="Attention!">
+Technical details on buffer overflows, stack etc. can be found here((https://medium.com/@buff3r/basic-buffer-overflow-on-64-bit-architecture-3fb74bab3558))
-The techniques and methods in this article are for learning purposes only!
-</callout>
-In this tutorial, we will create a buffer overflow on the 64-bit stack to gain root privileges. erlangen.((https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/64-bit-stack-based-buffer-overflow))
-Technical details on buffer overflows, stack etc. can be found at hier((https://medium.com/@buff3r/basic-buffer-overflow-on-64-bit-architecture-3fb74bab3558))
-\\
-\\
-<mermaid>
-classDiagram
-    note for Buffer "Overwrite Buffer"
-    note for RBP "Overwrite RBP"
-    note for RIP "place return address"
-    Buffer --> RBP
-    RBP --> RIP
-    RIP --> 0x00007FFFFFFFC19F
-    Buffer: AAAAAAAAAAAA
-    RBP: BBBBBBBBBBBBBB
-    RIP: 0x00007FFFFFFFFFC19F
-    class 0x00007FFFFFFFC19F{
-      Shellcode()
-      root shell
-    }
-</mermaid>
 \\
 \\
 ===== Dependencies =====
+{{page>en:vorlagen:attention}}
 What is needed?
@@ Line 44: / Line 22: @@
 ==== gdb-peda Exploit Tools ====
-gdb-peda extends the debugger GDB with helpful commands to exploit Entwicklung.((https://github.com/longld/peda/blob/master/README))
+gdb-peda extends the debugger GDB with helpful commands to exploit.((https://github.com/longld/peda/blob/master/README))
 <code bash>
@@ Line 62: / Line 40: @@
 \\
 ==== Programme ====
+{{:it-security:blog:bof-64-1.jpg|}}
 <code c>
@@ Line 94: / Line 74: @@
 \\
 ===== RIP Register =====
+<mermaid>
+classDiagram
+    note for Buffer "Overwrite Buffer"
+    note for RBP "Overwrite RBP"
+    note for RIP "place return address"
+    Buffer --> RBP
+    RBP --> RIP
+    RIP --> 0x00007FFFFFFFC19F
+    Buffer: AAAAAAAAAAAA
+    RBP: BBBBBBBBBBBBBB
+    RIP: 0x00007FFFFFFFFFC19F
+    class 0x00007FFFFFFFC19F{
+      Shellcode()
+      root shell
+    }
+</mermaid>
 Of interest to us is the register ''RIP''. This contains a return address that points to another area in the code. We overwrite this return address with the buffer overflow. But first we have to find out how we can do this.
@@ Line 207: / Line 204: @@
 ==== Attack ====
-First we set root rights to the vulnerable file and start diese((https://blog.techorganic.com/2015/04/10/64-bit-linux-stack-smashing-tutorial-part-1/))
+First we set root rights to the vulnerable file and start it((https://blog.techorganic.com/2015/04/10/64-bit-linux-stack-smashing-tutorial-part-1/))
 <code bash>
@@ Line 227: / Line 224: @@
 ^ Size | 5.76 KB |
 ^ Prüfsumme (SHA256) | 191e6f1811018970776e3bf035ff460033a47da62335fe5c9475a460b02a10d3 |
+~~DISCUSSION~~