Writing a return-to-libc attack, but libc is loaded at 0x00 in memory

Backend · Unresolved · 2 answers · 1110 views
北海茫月 2021-01-13 17:51

I'm writing a return-to-libc attack for my systems security class. First, the vulnerable code:

//vuln.c
#include 
#include 

2 answers
  •  长情又很酷
    2021-01-13 18:37

    The act of mapping important libc functions to addresses which contain a NULL byte is called ASCII armoring. This protection is part of RedHat Exec-shield, which is currently enabled on recent Ubuntu distros (link). To disable it you have to run as root:

    sysctl -w kernel.exec-shield=0

    as explained here.

    By the way, you can find interesting material about how to bypass ASCII armoring here on exploit-db.
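An added example, not code from the question or the answer above: a C program that reads the libc mapping out of /proc/self/maps (the Linux format "start-end perms offset dev inode path"), reports whether its addresses contain a 0x00 byte, and includes a helper that decides whether a strcpy-style overflow could still deliver a given address. The helper encodes the one case that works under ASCII armoring: strcpy stops at the first NUL in the source but writes one NUL terminator of its own, so on a little-endian stack a single zero byte in the most significant position is written for free, as long as that address is the last word of the payload. The functions, the 64-bit handling (beyond the 32-bit case in the question) and the sample maps lines in the checks are constructed for this example.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Number of 0x00 bytes among the low `width` bytes of addr (little-endian view). */
int count_nul_bytes(uint64_t addr, int width)
{
    int n = 0;
    for (int i = 0; i < width; i++)
        if (((addr >> (8 * i)) & 0xff) == 0)
            n++;
    return n;
}

/* Index of the least significant NUL byte (0 = lowest byte), or -1 if none. */
int lowest_nul_byte(uint64_t addr, int width)
{
    for (int i = 0; i < width; i++)
        if (((addr >> (8 * i)) & 0xff) == 0)
            return i;
    return -1;
}

/* strcpy-style copies stop at the first NUL in the source but append one NUL of
 * their own. On a little-endian stack the most significant byte of a word is
 * written last, so an address survives such a copy only if it has no NUL byte,
 * or if its single NUL byte is the most significant one and the address is the
 * last word of the payload (the terminator supplies that byte). Nothing can
 * follow it, which is what makes chaining calls hard under ASCII armoring. */
int strcpy_can_deliver(uint64_t addr, int width)
{
    int n = count_nul_bytes(addr, width);
    if (n == 0)
        return 1;
    return n == 1 && lowest_nul_byte(addr, width) == width - 1;
}

/* Parse one /proc/<pid>/maps line ("start-end perms offset dev inode path").
 * Returns 1 and stores the start address if the line maps the C library. */
int parse_libc_maps_line(const char *line, uint64_t *start)
{
    unsigned long long s, e;
    if (sscanf(line, "%llx-%llx", &s, &e) != 2)
        return 0;
    /* Match "libc.so.6" and "libc-2.xx.so" but not e.g. libcrypto. */
    if (strstr(line, "/libc.so") == NULL && strstr(line, "/libc-") == NULL)
        return 0;
    *start = s;
    return 1;
}

/* Convenience wrapper: start address of a libc line, or UINT64_MAX if not libc. */
uint64_t libc_start_from_line(const char *line)
{
    uint64_t s;
    return parse_libc_maps_line(line, &s) ? s : UINT64_MAX;
}

static void report(const char *what, uint64_t addr, int width)
{
    printf("%-12s 0x%0*llx  NUL bytes: %d  strcpy can deliver: %s\n",
           what, width * 2, (unsigned long long)addr,
           count_nul_bytes(addr, width),
           strcpy_can_deliver(addr, width) ? "yes" : "no");
}

int main(void)
{
    const int width = (int)sizeof(void *);
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) {
        perror("/proc/self/maps");
        return 1;
    }
    char line[512];
    uint64_t base = 0;
    int found = 0;
    while (fgets(line, sizeof line, f))
        if (parse_libc_maps_line(line, &base)) { found = 1; break; }
    fclose(f);
    if (!found) {
        fputs("no libc mapping found in /proc/self/maps\n", stderr);
        return 1;
    }
    report("libc base", base, width);
    /* In a PIE or -fPIC build this is system()'s real address in libc; in a
     * non-PIE binary it may instead be the PLT stub inside the executable. */
    report("system()", (uint64_t)(uintptr_t)system, width);
    return 0;
}
```

Run it in the same environment as the vulnerable binary (32-bit build for a 32-bit target, e.g. `gcc -m32`). A libc base such as 0x00110000 is exactly the armored case: every libc function then has a leading zero byte, a single call via strcpy is still possible because the zero byte is the final byte of the payload, but a second word after it cannot be written. On x86-64 every userland address has two leading zero bytes, so the helper reports "no" there as well; 64-bit exploits typically rely on the zero bytes already present in the overwritten stack slot instead.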
