Lab 11-5 Exploiting Small Buffers issue #6

Open
ghost opened this issue Mar 14, 2019 · 3 comments
ghost commented Mar 14, 2019

I've been working through and very much enjoying the book for the past couple of weeks, but have recently been stumped by Lab 11-5. I have used the code from this GitHub repository on a 32-bit Kali Linux VM with ASLR disabled. Upon running exploit2, I get the same text printed to screen as is shown in the book, but the user ID doesn't change; as far as I can tell the shellcode doesn't execute at all. Has there been an update that prevents this particular exploit from working?


saraiva commented Mar 16, 2021

I have the same issue with the 64-bit Kali .ova file. Yes, I've used the -m32 switch with gcc :). As a cross check I've used the ISO from the book "Hacking, the Art of Exploitation" (Ubuntu 32-bit) and it worked.
In issue 5 another user says: "Instead of the VMware edition from kali.org I installed the 32bit version manually."
I can't find a pattern in the issue, but it looks like not all systems are equal...


saraiva commented Mar 17, 2021

In this post one can find a hint on how to find the base address; 64-bit is rather a different world :)
https://stackoverflow.com/questions/36885127/buffer-overflow-using-environment-variables
I could not find a solution yet though...; it is still beyond my knowledge.


saraiva commented Mar 18, 2021

OK, just realized there is a contrib folder under ch11 with the exploit2.c for 64-bit architecture...
Don't know why I didn't notice that before :)
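The thread above keeps coming back to the same question: does the binary that was built on this particular VM actually match the lab's assumptions (32-bit, non-PIE, executable stack, ASLR off)? The following is an added diagnostic, not code from the book or this repository: it parses the ELF header and program headers of a compiled binary and reads the kernel ASLR knob, so a reader can check those assumptions before blaming the exploit. The sample ELF images are constructed inline so it runs without a real binary.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type carrying the stack permission flags
PF_X = 0x1                 # executable bit in p_flags
ET_DYN = 3                 # e_type of a PIE executable (or shared object)

def inspect_elf(data: bytes) -> dict:
    """Return word size, PIE status and stack executability from raw ELF bytes."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                       # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little endian
    e_type = struct.unpack_from(end + "H", data, 16)[0]
    if is64:
        e_phoff = struct.unpack_from(end + "Q", data, 32)[0]
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        e_phoff = struct.unpack_from(end + "I", data, 28)[0]
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    stack_seen, exec_stack = False, False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if is64:   # Elf64_Phdr: p_type, p_flags come first
            p_type, p_flags = struct.unpack_from(end + "II", data, off)
        else:      # Elf32_Phdr: p_flags sits at offset 24
            p_type = struct.unpack_from(end + "I", data, off)[0]
            p_flags = struct.unpack_from(end + "I", data, off + 24)[0]
        if p_type == PT_GNU_STACK:
            stack_seen, exec_stack = True, bool(p_flags & PF_X)
    return {"bits": 64 if is64 else 32, "pie": e_type == ET_DYN,
            "gnu_stack_present": stack_seen, "exec_stack": exec_stack}

def aslr_setting(path="/proc/sys/kernel/randomize_va_space"):
    """0 means ASLR is disabled; 2 is the usual default. None if unreadable."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None

def make_sample(is64=False, e_type=2, stack_flags=7):
    """Constructed minimal ELF: header plus one PT_GNU_STACK program header."""
    if is64:
        ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
        hdr = struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
        phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    else:
        ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\0" * 8
        hdr = struct.pack("<HHIIIIIHHHHHH", e_type, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
        phdr = struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 16)
    return ident + hdr + phdr
```

On a real build, pass `open("exploit2", "rb").read()` to `inspect_elf`; a 64-bit result, `pie` True or `exec_stack` False each explains on its own why a 32-bit lab exploit would not run as the book describes.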
