Saturday, January 20, 2024

Linux Stack Protection By Default

Modern gcc compiler (v9.2.0) protects the stack by default and you will notice it because instead of SIGSEGV on stack overflow you will get a SIGABRT, but it also generates coredumps.




In this case the compiler adds the variable local_10. This variable helds a canary value that is checked at the end of the function.
The memset overflows the four bytes stack variable and modifies the canary value.



The 64bits canary 0x5429851ebaf95800 can't be predicted, but in specific situations is not re-generated and can be bruteforced or in other situations can be leaked from memory for example using a format string vulnerability or an arbitrary read wihout overflowing the stack.

If the canary doesn't match, the libc function __stack_chck_fail is called and terminates the prorgam with a SIGABORT which generates a coredump, in the case of archlinux managed by systemd and are stored on "/var/lib/systemd/coredump/"


❯❯❯ ./test 
*** stack smashing detected ***: terminated
fish: './test' terminated by signal SIGABRT (Abort)

❯❯❯ sudo lz4 -d core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000.lz4
[sudo] password for xxxx: 
Decoding file core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000 
core.test.1000.c611b : decoded 249856 bytes 

 ❯❯❯ sudo gdb /home/xxxx/test core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000 -q 


We specify the binary and the core file as a gdb parameters. We can see only one LWP (light weight process) or linux thread, so in this case is quicker to check. First of all lets see the back trace, because in this case the execution don't terminate in the segfaulted return.




We can see on frame 5 the address were it would had returned to main if it wouldn't aborted.



Happy Idea: we can use this stack canary aborts to detect stack overflows. In Debian with prevous versions it will be exploitable depending on the compilation flags used.
And note that the canary is located as the last variable in the stack so the previous variables can be overwritten without problems.




Related posts

  1. How To Install Pentest Tools In Ubuntu
  2. Pentest Tools Port Scanner
  3. Hacking Tools For Beginners
  4. New Hack Tools
  5. Hacker Tools For Pc
  6. Hacker Hardware Tools
  7. Hacker Tool Kit
  8. Pentest Tools Port Scanner
  9. Pentest Tools Free
  10. Hacker Tools For Pc
  11. Hackers Toolbox
  12. Hack Rom Tools
  13. Usb Pentest Tools
  14. Pentest Tools Linux
  15. World No 1 Hacker Software
  16. Hacking Tools 2019
  17. Github Hacking Tools
  18. Hak5 Tools
  19. Pentest Tools Kali Linux
  20. Pentest Tools Website
  21. Pentest Tools Nmap
  22. Pentest Tools Port Scanner
  23. Bluetooth Hacking Tools Kali
  24. Pentest Tools Review
  25. Pentest Tools Linux
  26. Hack Website Online Tool
  27. Hackrf Tools
  28. Hackers Toolbox
  29. Usb Pentest Tools
  30. Pentest Tools Website Vulnerability
  31. Hacking Tools For Beginners
  32. Hacking Tools For Mac
  33. Pentest Tools Framework
  34. Hack Website Online Tool
  35. Wifi Hacker Tools For Windows
  36. Hacking Tools For Windows Free Download
  37. Pentest Tools
  38. New Hacker Tools
  39. Best Pentesting Tools 2018
  40. New Hack Tools
  41. Hacker Tools 2020
  42. Hack Tools For Ubuntu
  43. Hacker
  44. Growth Hacker Tools
  45. Usb Pentest Tools
  46. Pentest Tools For Android
  47. Hack Tools For Games
  48. Hack Tools For Windows
  49. Pentest Tools Subdomain
  50. Hack Apps
  51. Hacker Tools Linux
  52. Hack Tools
  53. Pentest Tools For Windows
  54. Pentest Tools Download
  55. What Are Hacking Tools
  56. Hacking Tools Kit
  57. Pentest Tools Open Source
  58. Pentest Tools Tcp Port Scanner
  59. Hacking Tools Mac
  60. Pentest Tools Alternative
  61. Bluetooth Hacking Tools Kali
  62. Wifi Hacker Tools For Windows
  63. Hacking Tools Pc
  64. Growth Hacker Tools
  65. Hack Tools 2019
  66. Best Pentesting Tools 2018
  67. Pentest Tools Open Source
  68. Termux Hacking Tools 2019
  69. Hacker Tools Online
  70. Pentest Tools Kali Linux
  71. Pentest Tools Subdomain
  72. Hacker Tools Mac
  73. Pentest Reporting Tools
  74. Hack Tools Download
  75. Hacker Tools 2020
  76. Hacking Tools
  77. Pentest Box Tools Download
  78. Hacking Tools Pc
  79. Pentest Automation Tools
  80. Hack Tools Pc
  81. Pentest Tools Linux
  82. Pentest Box Tools Download
  83. Hacking Tools Online
  84. New Hacker Tools
  85. Pentest Recon Tools
  86. Hacker Tools 2019
  87. Hacker Tools For Pc
  88. What Are Hacking Tools
  89. Hacker Tools For Pc
  90. Free Pentest Tools For Windows
  91. Termux Hacking Tools 2019
  92. Pentest Tools Online
  93. Pentest Tools Kali Linux
  94. Hacking Tools Online
  95. Game Hacking
  96. Hacker Tools Hardware
  97. Pentest Tools Tcp Port Scanner
  98. Pentest Tools Linux
  99. Hacker Tools For Windows
  100. Hacker Tools Free Download
  101. Best Pentesting Tools 2018
  102. Hack Rom Tools
  103. Hacking Tools Online
  104. Hacking Tools Mac
  105. Hacking Tools For Windows
  106. Hack Rom Tools
  107. Pentest Tools Android
  108. Hack Website Online Tool
  109. What Is Hacking Tools
  110. Hack Apps
  111. Pentest Tools Android
  112. Pentest Tools Linux
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)