
Thread: Segmentation fault

  1. #1
    Join Date
    Nov 2012
    Beans
    4

    Segmentation fault

    Hi Everyone,

    I am new to Linux and need urgent help. I have installed Ubuntu 12.04 and wanted to run a small program in C to show a buffer overflow attack. I compiled this program using the gcc compiler, but when I passed the address as an argument like (something."\x43\x40\x83") with the memory address,

    I am getting a "Segmentation fault (core dumped)".
    I have tried -fno-stack-protector but it's not working.

    Please help me, thanks in advance.

  2. #2
    Join Date
    Jun 2007
    Location
    Paraparaumu, New Zealand
    Beans
    Hidden!

    Re: Segmentation fault

    Thread moved to Programming Talk.
    Forum DOs and DON'Ts
    Please use CODE tags
    Including your email address in a post is not recommended
    My Blog

  3. #3
    Join Date
    Feb 2009
    Beans
    1,469

    Re: Segmentation fault

    That is what should generally happen when you overflow a buffer (and thereby scribble on memory you don't own). If you think there's a reason your code should not segfault, please post it.

    It's possible, even likely, that the exploit you were trying to use does not affect the current Ubuntu kernel version.

  4. #4
    Join Date
    Nov 2012
    Beans
    4

    Re: Segmentation fault

    Thanks for the quick reply

    I have made file the victim.c with this code
    Code:
    #include <string.h>
    #include <stdio.h> 
    
    void foo(const char* input)
    {
        char buf[10];
    
        printf("My stack looks like:\n%p\n%p\n%p\n%p\n%p\n% p\n\n");
    
        strcpy(buf, input);
        printf("%s\n", buf);
    
        printf("Now the stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n\n");
    }
    
    void bar(void)
    {
        printf("Augh! I've been hacked!\n");
    }
    
    int main(int argc, char* argv[])
    {
        //Blatant cheating to make life easier on myself
        printf("Address of foo = %p\n", foo);
        printf("Address of bar = %p\n", bar);
        if (argc != 2)
        {
            printf("Please supply a string as an argument!\n");
            return -1;
        }
        foo(argv[1]);
        return 0;
    }
    Then when I execute this file I pass an argument with the bar function address,
    but I get a "Segmentation fault (core dumped)" error.


    Last edited by lisati; November 16th, 2012 at 06:19 AM. Reason: Added code tags for readability

  5. #5
    Join Date
    Jun 2007
    Location
    Paraparaumu, New Zealand
    Beans
    Hidden!

    Re: Segmentation fault

    Where's printf getting the values to plug into the %p?

  6. #6
    Join Date
    Nov 2012
    Beans
    4

    Re: Segmentation fault

    When I run the victim file I get the addresses of both functions, then I pass the address with the argument like this:

    root@ubuntu:/home/BufferOverflow# ./victim aaaaaaa."\x81\x80\x04"
    Address of foo = 0x8048444
    Address of bar = 0x8818004

    My stack looks like:
    (nil)
    0xbffff6c8
    0xb5c50c2f
    0xb2fc5c10
    0x8042357
    0xbffcc6b4


    Segmentation fault (core dumped)




  7. #7
    Join Date
    Jun 2007
    Location
    Paraparaumu, New Zealand
    Beans
    Hidden!

    Re: Segmentation fault

    You might want to compare your printf statements......

  8. #8
    Join Date
    Aug 2010
    Location
    Lancs, United Kingdom
    Beans
    1,588
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Segmentation fault

    Quote Originally Posted by goldy2425:
    root@ubuntu:/home/BufferOverflow# ./victim aaaaaaa."\x81\x80\x04"
    Address of foo = 0x8048444
    Address of bar = 0x8818004
    So, what I think you are trying to do is write the address of bar onto the stack by writing beyond the bounds of the stack variable buf. You are not doing that: you are writing beyond the bounds of buf, but you are not writing the address of bar.

    First, the interpretation of \x81 etc. that the compiler applies to a string literal in C source code is not applied by the C runtime to command line arguments. So \x81 is not the byte whose hex value is 81, but rather it is 4 characters '\' 'x' '8' '1'.

    Second (and I'm not an expert here), you need to think about the size of the pointer (4 or 8 bytes), the byte order and alignment. If you actually manage to write the address of bar after the end of buf, will it do what you want it to? Dunno.
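    To make the first point concrete, here is an added example (not code posted in the thread) that hex-dumps the bytes the shell actually hands to main() for the thread's command line next to the bytes the C compiler produces for the same text as a string literal; shell_argument is a constructed stand-in for argv[1], and dump_bytes is a name assumed here.

```c
#include <stdio.h>
#include <string.h>

/* Print the bytes of a NUL-terminated string in hex.
   Returns the number of bytes dumped (strlen of the string). */
size_t dump_bytes(const char *label, const char *s)
{
    size_t n = strlen(s);
    printf("%-8s %2zu byte(s):", label, n);
    for (size_t i = 0; i < n; i++)
        printf(" %02x", (unsigned char)s[i]);
    putchar('\n');
    return n;
}

/* What the kernel passes as argv[1] for  ./victim aaaaaaa."\x81\x80\x04"
   The shell strips the quotes but does not decode \x escapes, so the
   backslash, 'x', '8' and '1' arrive as four separate bytes.
   Constructed here so the example runs without a command line. */
static const char shell_argument[] = "aaaaaaa.\\x81\\x80\\x04";

/* The same characters written as a C string literal: here the compiler
   decodes each \xNN into a single byte at compile time. */
static const char compiled_literal[] = "aaaaaaa.\x81\x80\x04";

int main(void)
{
    dump_bytes("argv[1]", shell_argument);   /* 20 bytes, contains 5c 78 38 31 ... */
    dump_bytes("literal", compiled_literal); /* 11 bytes, contains 81 80 04 */
    return 0;
}
```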

  9. #9
    Join Date
    Nov 2005
    Location
    Sendai, Japan
    Beans
    11,296
    Distro
    Kubuntu

    Re: Segmentation fault

    Code:
    firas@itsuki ~ % cat test.c 
    #include <string.h>
    #include <stdio.h> 
    
    void foo(const char* input)
    {
        char buf[10];
        strcpy(buf, input);
    }
    
    void bar(void)
    {
        printf("Augh! I've been hacked!\n");
    }
    
    int main(void)
    {
        char input[] = {'1', '2',
                        '1', '2', '3', '4',
                        '1', '2', '3', '4',
                        '1', '2', '3', '4',
                        '1', '2', '3', '4',
                        '1', '2', '3', '4',
                        0x56, 0x84, 0x04, 0x08, '\0'};
        foo(input);
        return 0;
    }
    firas@itsuki ~ % gcc -fno-stack-protector -o test test.c                                    
    firas@itsuki ~ % ./test 
    Augh! I've been hacked!
    zsh: segmentation fault (core dumped)  ./test
    Still segfaults though... I'm not an expert either, so I would have to investigate it further but I don't have a lot of time on my hands right now...
    "I'll be home by the evening of the day after tomorrow."


  10. #10
    Join Date
    Apr 2007
    Location
    NorCal
    Beans
    1,149
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Segmentation fault

    Quote Originally Posted by lisati:
    Where's printf getting the values to plug into the %p?
    x86 calling conventions are for parameters to be passed on the stack (although in some cases they may be passed in registers). printf takes a variable number of arguments, and it assumes that the number of arguments specified by the format is how many arguments are actually passed at runtime. So, it will look down the stack for the arguments, taking however many bytes the format tells it to. %p is the pointer type, which generally is the size of a word on the CPU. So, it's a hacky way to get a printout of the stack without GDB and friends. It's a hack, platform specific, and not guaranteed to work in other environments. If you compile this with -Wall or equivalent on most modern compilers, you will get a warning of "too few arguments for format" which tries to guard against this sort of thing, but this is an extension of the compiler, and not part of the C language.
    Posting code? Use the [code] or [php] tags.
    I don't care, I'm still free. You can't take the sky from me.
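    For contrast with the thread's victim.c, here is the hardened counterpart as an added example (not code posted in the thread): the copy into buf is bounded by the destination size, and every printf receives exactly the arguments its format names, so nothing is read off the stack. copy_bounded and foo_safe are names assumed here.

```c
#include <stdio.h>
#include <string.h>

/* Copy src into dst[dstsz] only if it fits, NUL terminator included.
   Returns 0 on success, -1 if rejected (dst is then an empty string). */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0)
        return -1;
    if (n >= dstsz) {          /* n + 1 bytes needed, only dstsz available */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);   /* bounded copy, terminator included */
    return 0;
}

/* Same shape as foo() in the thread, but the overflow path is closed. */
int foo_safe(const char *input)
{
    char buf[10];
    if (copy_bounded(buf, sizeof buf, input) != 0) {
        fprintf(stderr, "rejected %zu-byte input; buf holds at most %zu\n",
                strlen(input), sizeof buf - 1);
        return -1;
    }
    /* One %p and one %s, one pointer and one string: the format matches. */
    printf("buf at %p holds \"%s\"\n", (void *)buf, buf);
    return 0;
}

/* Build with: gcc -Wall -Wformat -fstack-protector-strong -o safe safe.c
   -Wformat reports any printf whose arguments do not match its format. */
int main(int argc, char *argv[])
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }
    return foo_safe(argv[1]) == 0 ? 0 : 2;
}
```

    Run with a 9-character argument and it prints the buffer; run with a longer one and it refuses the copy instead of overwriting the saved return address.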
