basic shellcode - why it runs on my system, if .data is not executable
Greetings,
Suppose we have this piece of code, on Linux/i686
(my machine is Slackware Linux 13.1, 32 bit):
What happens in the shellcode sc[] is a system call to execve, for /bin/sh. The question is: WHY does this program work? If we compile it and run pmap and gdb on it, we can see a read & exec page, starting at virtual address 0x08048000, which contains the function main(), and another page, read & write (but no exec), starting at address 0x08049000, which contains sc[].
In main, the only thing we do is to overwrite the return-address of main() with the address of sc[], which is in a non-executable page.
Question 1: So, WHY does it work on my Slackware 13.1 system?
(On other systems, like Ubuntu, it seems it doesn't work unless we make the stack executable with execstack.)
(Slackware Linux 13.1 : Linux kernel 2.6.33, GCC 4.4.4, /proc/sys/kernel/randomize_va_space == 1)
Question 2:
Suppose we have this code:
Why doesn't it work? Why don't we get a shell prompt? (Compared to question 1.) The only thing that is different is the call to printf, so the modified return address of main remains untouched after printf().
References: http://www.enderunix.org/docs/en/bof-eng.txt, Phrack Magazine
Thank you for your help.
A.
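
The page permissions pmap reports start from the flags in the binary's ELF program headers, and execstack edits the flags of the PT_GNU_STACK header. As an added example (not part of the original post), this script reads those flags from a 32-bit little-endian ELF file; the sample image built by `_sample_elf` and the address 0x08049520 are constructed for illustration.

```python
import struct
import sys

PT_LOAD, PT_GNU_STACK = 1, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4

def perms(flags):
    return "".join(c if flags & bit else "-" for c, bit in (("r", PF_R), ("w", PF_W), ("x", PF_X)))

def segments(elf):
    """Return (type, vaddr, memsz, perms) for each PT_LOAD / PT_GNU_STACK header."""
    if elf[:4] != b"\x7fELF" or elf[4] != 1 or elf[5] != 1:
        raise ValueError("expected a 32-bit little-endian ELF file")
    (phoff,) = struct.unpack_from("<I", elf, 28)             # e_phoff
    phentsize, phnum = struct.unpack_from("<HH", elf, 42)    # e_phentsize, e_phnum
    out = []
    for i in range(phnum):
        p_type, _, vaddr, _, _, memsz, flags, _ = struct.unpack_from("<8I", elf, phoff + i * phentsize)
        if p_type in (PT_LOAD, PT_GNU_STACK):
            out.append((p_type, vaddr, memsz, perms(flags)))
    return out

def perms_at(elf, addr, page=0x1000):
    """Permissions the file requests for the page holding addr (page-rounded, as pmap lists it)."""
    for p_type, vaddr, memsz, p in segments(elf):
        start = vaddr & ~(page - 1)
        end = (vaddr + memsz + page - 1) & ~(page - 1)
        if p_type == PT_LOAD and start <= addr < end:
            return p
    return None

def stack_perms(elf):
    """Flags of PT_GNU_STACK, or None when absent (the kernel then uses its architecture default)."""
    return next((p for t, _, _, p in segments(elf) if t == PT_GNU_STACK), None)

def _sample_elf(stack_flags):
    # Constructed image: ELF32 header plus three program headers, no code or data.
    phdrs = [(PT_LOAD, 0, 0x08048000, 0x08048000, 0x500, 0x500, PF_R | PF_X, 0x1000),
             (PT_LOAD, 0x500, 0x08049500, 0x08049500, 0x100, 0x120, PF_R | PF_W, 0x1000),
             (PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 4)]
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01" + bytes(9), 2, 3, 1,
                       0x08048300, 52, 0, 0, 52, 32, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<8I", *p) for p in phdrs)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else _sample_elf(PF_R | PF_W)
    for p_type, vaddr, memsz, p in segments(data):
        name = "LOAD" if p_type == PT_LOAD else "GNU_STACK"
        print(f"{name:10s} 0x{vaddr:08x} +0x{memsz:x} {p}")
    print("stack flags:", stack_perms(data))
```

These are the permissions the file requests; the protections actually in force for a running process are the ones listed in /proc/<pid>/maps.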