
Can you recommend me an OS mentioned in Shellcoder's Handbook, because I'm having frequent issues running the ELF files mentioned there (see the errors below). I know that to overcome those errors I have to enter commands or arguments, but I did that too and I'm still not getting the same output as in the book, for example on the assembly level.

I'm running one file to demonstrate on ubuntu 4.15.0-106-generic(testing environment I'm using) and a lot of the thing on assembly level is different.

The following dissimilarity will help you understand my problem. The code below, from the book, is focused on the int 0x80 instruction.

CODE:

#include <stdlib.h>   /* declares exit() */

int main(void)
{
    exit(0);
}

This is the o/p from book:

[slap@0day root] gdb exit
GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are welcome to change it and/or distribute copies of it under certain
conditions. Type “show copying” to see the conditions.
There is absolutely no warranty for GDB. Type “show warranty” for
details.
This GDB was configured as “i386-redhat-linux-gnu”...
(gdb) disas _exit
Dump of assembler code for function _exit:
0x0804d9bc <_exit+0>: mov 0x4(%esp,1),%ebx
0x0804d9c0 <_exit+4>: mov $0xfc,%eax
0x0804d9c5 <_exit+9>: int $0x80
0x0804d9c7 <_exit+11>: mov $0x1,%eax
0x0804d9cc <_exit+16>: int $0x80
0x0804d9ce <_exit+18>: hlt
0x0804d9cf <_exit+19>: nop
End of assembler dump.

This is the o/p from my testing environment (ubuntu 4.15.0-106-generic 16.04.1):

GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5)7.11.1
This GDB was configured as "i686-linux-gnu"
gdb-peda$ disas exit
Dump of assembler code for function exit@plt:
   0x080482e0 <+0>:     jmp    DWORD PTR ds:0x804a00c
   0x080482e6 <+6>:     push   0x0
   0x080482eb <+11>:    jmp    0x80482d0
End of assembler dump.

As you can see, there is no int 0x80 instruction in the testing environment, unlike in the book.

Errors :

stack-smashing detected --- to overcome this error I used (-fno-stack-protector), and it works only sometimes.

or

Also Segmentation fault (core dumped) --- I'm getting this error when it's not even mentioned in the book. I know it's the Linux version I'm using, which must be patched for things from the book.

So can you recommend me the environment/OS mentioned in the book, or is there any way to compile the binaries mentioned in the book to run on my testing environment (Linux 4.15.0-106-generic #107~16.04.1-Ubuntu)?

EDIT:

command used to compile the elf file:

gcc -m32 -fno-stack-protector exit.c -o exit

also tried this,

gcc -static -m32 -fno-stack-protector exit.c -o exit 

Adding -static gave this in assembly:

gdb-peda$ disas exit
Dump of assembler code for function exit:
   0x0804e440 <+0>:     sub    esp,0x10
   0x0804e443 <+3>:     push   0x1
   0x0804e445 <+5>:     push   0x80eb070
   0x0804e44a <+10>:    push   DWORD PTR [esp+0x1c]
   0x0804e44e <+14>:    call   0x804e320 <__run_exit_handlers>
End of assembler dump.
  • In one case you disassemble exit(), in the other you disassemble _exit(); those aren't the same function. Do you have a typo? – Andy Dalton Jul 02 '20 at 14:11
  • Also, can you please edit your question to include how you're compiling the sample application? My guess is adding -static will help – Andy Dalton Jul 02 '20 at 14:14
  • Also, are you saying you're getting a stack-smaching/segmentation fault from this program? Or are you talking about some other unlisted sample program(s)? – Andy Dalton Jul 02 '20 at 14:18
  • I tried creating a new file using -static but I'm not getting int 0x80 as shown in the book example. 2. Also yes, I'm talking about different programs I haven't listed here, and they are giving me those errors. – Evil Dead Jul 02 '20 at 14:25
  • you responded to two of the three comments. Did you try disassembling _exit (like you show the book did; notice the underscore before exit) instead of exit? If that didn't work, did you repeat that experiment when compiling with -static? – Andy Dalton Jul 02 '20 at 14:38
  • @AndyDalton Sorry! I made a typo there, it's _exit, and I compiled with -static and it gave me int 0x80. But without "-static", when I typed disas _exit it gave me this error: No symbol table is loaded. Use the "file" command. Can you please tell me why this happens? Also I noticed that the book's gdb is "i386-redhat-linux-gnu" and mine is "i686-linux-gnu"; do you think it can make a difference in reading assembly? If it can, then can I configure my gdb to "i386-redhat-linux-gnu"? – Evil Dead Jul 02 '20 at 14:41
  • Maybe using CentOS will help, since it is one of the distros most related to RHEL. Not sure about Fedora (did not touch Fedora in the last 12 years) – ares777 Jul 02 '20 at 14:52
  • Having in mind the version listed as 2003, CentOS-7 was released that year. I have the 2nd edition of the book, and I think this is way "too old" to compare with "new" releases (e.g. ubuntu, based on Debian). So, put a CentOS 7 in a virtual machine and see if it matches the book. – ares777 Jul 02 '20 at 15:08
  • @ares777 If you don't mind, can you recommend me a book which is similar to this (I mean deep into buffer overflows) and especially relevant to "new" releases? I search and search but couldn't find new books on it; I started to read this book because it was well rated. If you know, please tell me!! – Evil Dead Jul 02 '20 at 18:07
  • I think you shall go with that book, deploy CentOS and so on. The mechanisms for exploits given in the book are a good base for now. There is no way to go over into hardening kernels, since you want to have a good base to advance. But what book comes into my mind is the 2010 edition of A Guide to Kernel Exploitation... I have not covered this subject since that time; I am a senior programmer enough to care about other aspects of computer science. On the other hand you can find on github enough *nix exploit references, for example. What differentiates script kiddies from others is cod(ing)e knowledge.:) – ares777 Jul 03 '20 at 13:02
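The thread turns on two points that are easy to see in code rather than only in gdb: exit() and _exit() are different functions (exit() runs the atexit() handlers, which is the __run_exit_handlers call in the -static disassembly, and only then terminates; _exit() is a thin wrapper around the exit_group/exit system calls, which is the mov $0xfc,%eax / int $0x80 sequence the book shows), and in a dynamically linked build `exit` inside the main binary is only a PLT stub that jumps into libc.so, so the syscall instruction lives in libc rather than in the binary being disassembled. The program below is an added example written for this page, not code from the book or from the poster; it assumes a Linux host with a glibc-style libc (the SYS_exit_group constant is guarded so the file still builds elsewhere). A child process registers an atexit() handler and then terminates along one of three paths; the parent learns through a pipe whether the handler ran.

```c
/* Added example (not from the book or the question): demonstrates that
 * exit() runs atexit() handlers while _exit() and the raw exit_group
 * system call do not, which is why `disas exit` and `disas _exit`
 * show such different code. Assumes Linux/glibc. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/syscall.h>

enum exit_path { VIA_EXIT = 0, VIA_UNDERSCORE_EXIT = 1, VIA_RAW_SYSCALL = 2 };

/* Write end of the pipe, set only in the child. */
static int notify_fd = -1;

/* atexit() handler: writes one byte so the parent can tell that it ran. */
static void on_exit_marker(void)
{
    if (notify_fd >= 0)
        (void)write(notify_fd, "H", 1);
}

/* Forks a child that registers the handler and terminates along the
 * requested path. Returns 1 if the handler ran, 0 if it did not,
 * and -1 if pipe() or fork() failed. */
int handler_runs(enum exit_path path)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    fflush(NULL);                 /* don't let the child inherit buffered stdio */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(fds[0]);
        notify_fd = fds[1];
        atexit(on_exit_marker);
        switch (path) {
        case VIA_EXIT:
            exit(0);              /* libc: run handlers, flush stdio, then syscall */
        case VIA_UNDERSCORE_EXIT:
            _exit(0);             /* libc: straight to exit_group/exit, no handlers */
        case VIA_RAW_SYSCALL:
#ifdef SYS_exit_group
            syscall(SYS_exit_group, 0);   /* the first syscall glibc's _exit issues (0xfc on i386) */
#endif
            _exit(0);
        }
        _exit(0);                 /* unreachable; keeps every path terminating */
    }
    close(fds[1]);
    char buf[1];
    /* Blocks until the child writes the marker or its write end closes at exit. */
    ssize_t n = read(fds[0], buf, 1);
    close(fds[0]);
    int status;
    waitpid(pid, &status, 0);
    return n == 1 ? 1 : 0;
}

int main(void)
{
    printf("exit():          handler ran = %d\n", handler_runs(VIA_EXIT));
    printf("_exit():         handler ran = %d\n", handler_runs(VIA_UNDERSCORE_EXIT));
    printf("raw exit_group:  handler ran = %d\n", handler_runs(VIA_RAW_SYSCALL));
    return 0;
}
```

Compile it the same way the question does (gcc -m32 -fno-stack-protector, with or without -static) and disassemble: with -static, `disas _exit` lands in libc's copy inside the binary and shows the syscall sequence, while `disas exit` shows the handler machinery first; without -static, the binary only contains the `exit@plt` trampoline and the real code is in libc.so, which gdb can only resolve once the program is running and the shared library has been loaded.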