Differences

This shows you the differences between two versions of the page.

--- en:it-security:blog:buffer_overflow_x64 [2024/02/20 22:19] – created psycore
+++ en:it-security:blog:buffer_overflow_x64 [2024/08/02 12:31] (current) – psycore
@@ Line 1: / Line 1: @@
 {{tag>english linux kali it-security pentest blog}}
-====== Buffer overflow in the 64-bit stack ======
-^ Project files | {{ it-security:nosoc-repo-bof64.zip |}} |
+====== Buffer overflow in the 64-bit stack - part 1 ======
-^ Size | 5.76 KB |
-^ Prüfsumme (SHA256) | 191e6f1811018970776e3bf035ff460033a47da62335fe5c9475a460b02a10d3 |
-In this tutorial, we will create a buffer overflow on the 64-bit stack to gain root privileges. erlangen.((https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/64-bit-stack-based-buffer-overflow))
+In this tutorial, we will create a buffer overflow on the 64-bit stack to gain root privileges.((https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/64-bit-stack-based-buffer-overflow))
-Technical details on buffer overflows, stack etc. can be found at hier((https://medium.com/@buff3r/basic-buffer-overflow-on-64-bit-architecture-3fb74bab3558))
+Technical details on buffer overflows, stack etc. can be found here((https://medium.com/@buff3r/basic-buffer-overflow-on-64-bit-architecture-3fb74bab3558))
-\\
-\\
-<mermaid>
-classDiagram
-    note for Buffer "Overwrite Buffer"
-    note for RBP "Overwrite RBP"
-    note for RIP "place return address"
-    Buffer --> RBP
-    RBP --> RIP
-    RIP --> 0x00007FFFFFFFC19F
-    Buffer: AAAAAAAAAAAA
-    RBP: BBBBBBBBBBBBBB
-    RIP: 0x00007FFFFFFFFFC19F
-    class 0x00007FFFFFFFC19F{
-      Shellcode()
-      root shell
-    }
-</mermaid>
 \\
 \\
 ===== Dependencies =====
+{{page>en:vorlagen:64_bit_stack_nav}}
+{{page>en:vorlagen:attention}}
 What is needed?
@@ Line 41: / Line 24: @@
 ==== gdb-peda Exploit Tools ====
-gdb-peda extends the debugger GDB with helpful commands to exploit Entwicklung.((https://github.com/longld/peda/blob/master/README))
+gdb-peda extends the debugger GDB with helpful commands to exploit.((https://github.com/longld/peda/blob/master/README))
 <code bash>
-wget http://ropshell.com/peda/peda.tar.gz
+git clone https://github.com/longld/peda.git ~/peda
-tar zxvf peda.tar.gz
 echo "source ~/peda/peda.py" >> ~/.gdbinit
 </code>
@@ Line 60: / Line 42: @@
 \\
 ==== Programme ====
+{{:it-security:blog:bof-64-1.jpg|}}
 <code c>
@@ Line 92: / Line 76: @@
 \\
 ===== RIP Register =====
+<mermaid>
+classDiagram
+    note for Buffer "Overwrite Buffer"
+    note for RBP "Overwrite RBP"
+    note for RIP "place return address"
+    Buffer --> RBP
+    RBP --> RIP
+    RIP --> 0x00007FFFFFFFC19F
+    Buffer: AAAAAAAAAAAA
+    RBP: BBBBBBBBBBBBBB
+    RIP: 0x00007FFFFFFFFFC19F
+    class 0x00007FFFFFFFC19F{
+      Shellcode()
+      root shell
+    }
+</mermaid>
 Of interest to us is the register ''RIP''. This contains a return address that points to another area in the code. We overwrite this return address with the buffer overflow. But first we have to find out how we can do this.
@@ Line 205: / Line 206: @@
 ==== Attack ====
-First we set root rights to the vulnerable file and start diese((https://blog.techorganic.com/2015/04/10/64-bit-linux-stack-smashing-tutorial-part-1/))
+First we set root rights to the vulnerable file and start it((https://blog.techorganic.com/2015/04/10/64-bit-linux-stack-smashing-tutorial-part-1/))
 <code bash>
@@ Line 222: / Line 223: @@
 \\
 \\
+^ Project files | {{ it-security:nosoc-repo-bof64.zip |}}<label type="info" icon="glyphicon glyphicon-compressed">ZIP</label> |
+^ Size | 5.76 KB |
+^ Prüfsumme (SHA256) | 191e6f1811018970776e3bf035ff460033a47da62335fe5c9475a460b02a10d3 |
+~~DISCUSSION~~