Differences

This shows you the differences between two versions of the page.

en:it-security:blog:buffer_overflow_x64-2 [2024/03/05 16:05] – created psycore
en:it-security:blog:buffer_overflow_x64-2 [2024/09/11 22:36] (current) – Discussion status changed psycore
Line 2: Line 2:
 ====== Buffer overflow in the 64-bit stack - Part 2 ====== ====== Buffer overflow in the 64-bit stack - Part 2 ======
  
-{{page>vorlagen:attention}}+In the second part, we activate the NX bit, which is intended to protect us from buffer overflows. To keep things fun, we will of course override this protection directly. We achieve this by passing the command to be executed to the [[https://de.wikipedia.org/wiki/C-Standard-Bibliothek|libc-Funktion]] ''system()'' is forwarded. This tutorial is fundamentally based on the work of [[https://blog.techorganic.com|superkojiman]] ((https://blog.techorganic.com/2015/04/21/64-bit-linux-stack-smashing-tutorial-part-2/))
  
 ===== Introduction ===== ===== Introduction =====
  
-In the second part, we activate the NX bit, which is intended to protect us from buffer overflows. To keep things fun, we will of course override this protection directly. We achieve this by passing the command to be executed to the [[https://de.wikipedia.org/wiki/C-Standard-Bibliothek|libc-Funktion]] ''system()'' is forwarded. This tutorial is fundamentally based on the work of [[https://blog.techorganic.com|superkojiman]] ((https://blog.techorganic.com/2015/04/21/64-bit-linux-stack-smashing-tutorial-part-2/))+{{page>en:vorlagen:64_bit_stack_nav}}
  
 Further information on ROP (Return Oriented Programming) and the basics of buffer overflows can be found in the link collection at the end. ((https://book.hacktricks.xyz/reversing-and-exploiting/linux-exploiting-basic-esp/rop-leaking-libc-address)) ((https://ir0nstone.gitbook.io/notes/types/stack)) Further information on ROP (Return Oriented Programming) and the basics of buffer overflows can be found in the link collection at the end. ((https://book.hacktricks.xyz/reversing-and-exploiting/linux-exploiting-basic-esp/rop-leaking-libc-address)) ((https://ir0nstone.gitbook.io/notes/types/stack))
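Review bot: The relocated opening paragraph (the added line above the Introduction heading) still carries the broken clause "passing the command to be executed to the libc-Funktion ''system()'' is forwarded". The trailing "is forwarded" is a leftover and should be dropped, and the link text "libc-Funktion" is untranslated and points at de.wikipedia.org on an English page. Moving the paragraph also means the Introduction section now opens with the navigation include rather than the introductory text, so consider keeping the paragraph under the heading and placing the include above it.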
Line 12: Line 12:
 \\ \\
 ==== Theory ==== ==== Theory ====
 +
 +{{page>en:vorlagen:attention}}
  
 The tutorial by superkojiman shows how the registers are overwritten step by step. To understand the process, we can debug the [[https://gist.github.com/superkojiman/595524f6b96c79380568|kompilierte debug binary]] from the blog. The tutorial by superkojiman shows how the registers are overwritten step by step. To understand the process, we can debug the [[https://gist.github.com/superkojiman/595524f6b96c79380568|kompilierte debug binary]] from the blog.
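Review bot: The attention include added under Theory replaces the one removed from the top of the page, so the notice now appears only after the introduction has already announced overriding the NX protection. If it is meant to be read first, keep it at the top and only correct the path to en:vorlagen:attention. The context line's link text "kompilierte debug binary" is still partly German and could read "compiled debug binary".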
Line 203: Line 205:
 ^ Size | 4.00 KB | ^ Size | 4.00 KB |
 ^ Checksum (SHA256) | 88bda11b4652344bb9113a400b79e78abf028ef5eb89a74538061c96e2d306e5 | ^ Checksum (SHA256) | 88bda11b4652344bb9113a400b79e78abf028ef5eb89a74538061c96e2d306e5 |
 +
 +~~DISCUSSION~~