Ukubheka ukusebenzisa ubungozi

Njengoba bengilangazelela ukuqhubeka nokuxoxa ngalesi sihloko, ake ngikutshele umlando omncane, ithiyori, kanye nokuzilolonga ngobuthakathaka. Sonke sizwile manje ukuthi amaphutha ezokuphepha angabiza kakhulu, sonke siyazi ukuthi kufanele sigcine isoftware yethu isesikhathini, sonke siyazi ukuthi izibuyekezo eziningi zibangelwa izimbungulu zokuphepha. Kepha namhlanje ngizokutshela kancane ukuthi la maphutha atholakele futhi axhashazwe kanjani 🙂 Kepha ngaphambi kwalokhu sizocacisa imininingwane embalwa ukuze sibe nokubuka konke okungcono.

Ngaphambi kokuthi uqale

Okokuqala ngifuna ukukutshela ukuthi sizogxila ebucayini bokuqala engifunde ukubusebenzisa, okwaziwayo Ukuchichima Kwebhafa, kulokhu kuba sengozini sisebenzisa ngokunenzuzo ukuqinisekiswa kwememori ukwenza izinto ezimnandi 🙂 Kepha ake sicacise kancane ngakho.

Lokhu ngeke kube yisimo sangempela somhlaba

Anginamandla okubafundisa ukwephula noma yiluphi uhlelo abalubona 🙂 kuqala ngoba luyingozi kumakhompyutha abo, okwesibili ngoba lokho kungathatha isilinganiso esingejwayelekile samagama.

Sithatha uhambo oluya kuma-80s

Engizokukhombisa khona ngikwazi ukukwenza kwi-laptop yami, kepha akusho ukuthi kungenziwa namuhla ngendlela elula 🙂 eminingi yale miqondo isivele isetshenziswe kaningi kangangokuba izindlela ezintsha zokuvikela nezindlela ezintsha zokuzigwema sezivelile 😛 kepha lokho kusibuyisela endaweni efanayo, asikho isikhala sokukwazi ukukutshela konke lokho 🙂

Kungenzeka kungasebenzi kuphrosesa yakho

Yize ngizosebenzisa isibonelo esilula, ngifuna ukuthi kucace kwasekuqaleni ukuthi imininingwane yalokhu miningi kakhulu futhi ihlukahlukene kakhulu njengoba ingaphuma ifane nami, uma ufuna ukuyizama, umphumela oyifunayo nawo awutholakali 🙂 Kepha ungacabanga ukuthi angikwazi ukukuchaza lokho kulesi sikhala, ikakhulukazi ngoba ngalesi sethulo sengivele ngithathe amagama angaphezu kwama-300, ngakho-ke siqonda ngqo endaweni yethu.

Yini i- Ukuchichima Kwesibambi

Ukuphendula lokhu kufanele siqale siqonde isigamu sokuqala sale nhlanganisela.

Ama-Buffers

Njengoba konke kumayelana nenkumbulo kwikhompyutha, kunengqondo ukuthi kufanele kube nohlobo oluthile lwesitsha solwazi. Uma sikhuluma okokufaka Imiphumela, siza ngqo emcabangweni we buffers. Ukuyigcina imfishane, a i-buffer Kuyisikhala sememori sosayizi ochaziwe lapho sizogcina khona imininingwane eminingi, elula 🙂

Ukuchichima kwenzeka, njengoba negama lisho, lapho i-buffer igcwalisa imininingwane engaphezulu kwengakwazi ukuyiphatha. Kodwa kungani lokhu kubalulekile?

Stack

Eyaziwa nangokuthi izitaki, ziwuhlobo lwedatha olungabonakali esingakwazi ngalo isitaki Imininingwane, isici sabo esiyinhloko ukuthi bane-oda I-LIFO (Kugcine Kuqala ukuphuma). Ake sicabange umzuzwana ngesitaki samapuleti, siwabeka phezulu ngakunye, bese siwakhipha ngamunye ngamunye phezulu, lokhu kwenza ipuleti lokugcina esilibekile (leli eliphezulu) liyipuleti lokuqala esizoyikhipha, kusobala ukuthi uma singakhipha ipuleti elilodwa ngasikhathi sinye bese sinquma ukukwenza ngaleyo ndlela: P.

Manje njengoba usuyazi lemiqondo emibili, kufanele siyibeke ngokulandelana kwayo. Izitaki zibalulekile ngoba uhlelo ngalunye esilusebenzisayo lunalo olwalo isitaki sokubulawa. Kepha lesi sitaki sine- isici esithileikhula phansi. Ukuphela kwento odinga ukuyazi ngalokhu ukuthi ngenkathi uhlelo lusebenza, lapho umsebenzi ubizwa, isitaki sisuka kwinombolo X ngememori siye kwinombolo (Xn). Kepha ukuze siqhubeke kumele siqonde umqondo owodwa.

Izikhombo

Lo ngumqondo osanganisa abaningi bohlelo lapho beqala emhlabeni we-C, empeleni amandla amakhulu wohlelo lwe-C ngokwengxenye ngenxa yokusetshenziswa kwezikhombi. Ukuyigcina ilula, isikhombi ukhomba ikheli lememori. Lokhu kuzwakala kuyinkimbinkimbi, kepha akuyona into eyinkimbinkimbi kangako, sonke sine-RAM emishinini yethu angithi? Yebo, lokhu kungachazwa njenge- ukuhlelwa okulandelanayo kwamabhulokhi, lezi zindawo zivame ukuvezwa ngezinombolo ze-hexadecimal (kusuka ku-0 kuye ku-9 bese kusuka ku-A kuye ku-F, njenge-0x0, 0x1, 0x6, 0xA, 0xF, 0x10). Lapha njengombhalo onelukuluku, 0x10 CHA ilingana no-10 😛 uma siyiguqulela ku-decimal oda kungafana nokuthi sithi 15. Lokhu kuyinto ebuye idideke ngaphezulu kweyodwa ekuqaleni, kepha ake sehle kuyona.

Amarekhodi

Amaprosesa asebenza ngenombolo ethile ye- amarekhodi, esebenza ukudlulisa izindawo kusuka kwimemori ebonakalayo iye ku-processor, yokwakha okusebenzisa ama-bits angama-64, inani lamarejista likhulu futhi kunzima ukulichaza lapha, kepha ukuthola umqondo, amarejista afana nezikhombisi, akhombisa phakathi kwezinye izinto, isikhala sememori (indawo).

Manje zijwayeze

Ngiyazi ukuthi bekululwazi oluningi ukucubungula kuze kube manje, kepha empeleni kuyizinkinga eziyinkimbinkimbi engizama ukuzichaza ngendlela elula kakhulu, sizobona uhlelo oluncane olusebenzisa ama-buffers futhi sizoluphula ukuze sikuqonde lokhu mayelana nokuchichima, kusobala ukuthi lolu akulona Kuluhlelo lwangempela, futhi "sizogwema" izindlela eziningi zokuphikisa ezisetshenziswayo namhlanje, ukukhombisa nje ukuthi izinto zazenziwa kanjani phambilini 🙂 futhi ngoba eminye yale migomo iyadingeka ukuze sikwazi ukufunda izinto eziyinkimbinkimbi 😉

I-GDB

Uhlelo olukhulu ngokungangabazeki olungenye yezinhlelo ezisetshenziswa kakhulu nguC. Phakathi kokuhle kwalo okuningi sineqiniso lokuthi lusivumela ukuthi sikubone konke lokhu ebesikhuluma ngakho kuze kube manje, amarejista, isitaki, izigaxa, njll. uhlelo esizolusebenzisa njengesibonelo sethu.

i-retinput.c

Okwakhe. UChristopher Diaz Riveros

Lolu uhlelo olulula impela, sizosebenzisa umtapo wezincwadi stdio.h ukukwazi ukuthola imininingwane nokuyiveza esigungwini. Sibona umsebenzi obizwa ngokuthi return_input ekhiqiza i- i-buffer kubizwa i-array, enobude obungu-30 amabhayithi (uhlobo lwedatha ye-char lungu-1 Byte ubude)

Umsebenzi gets(array); cela imininingwane nge-console nomsebenzi printf() ibuyisa okuqukethwe kwamalungu afanayo bese ikubonisa esikrinini.

Lonke uhlelo olubhalwe ngo-C luqala ngomsebenzi main(), lokhu kuzophatha kuphela ukubiza ukubuya_kungenayo, manje sizohlanganisa uhlelo.

Okwakhe. UChristopher Diaz Riveros

Ake sithathe kancane kwalokho engisanda kukwenza. Inketho -ggdb utshela i-gcc ukuthi kufanele ihlanganise uhlelo nolwazi lwe-gdb ukuze ikwazi ukulungisa iphutha kahle. -fno-stack-protector Kuyinketho okusobala ukuthi bekungafanele ngabe siyayisebenzisa, kepha esizoyisebenzisa ngoba uma kungenjalo bekungenzeka ukuthi kukhiqizwe i-buffer echichima esitaki. Ekugcineni ngivivinye umphumela. ./a.out iqhuba nje lokhu engisanda kukuhlanganisa, icela imininingwane bese iyakubuyisa. Iyagijima 🙂

Izixwayiso

Enye inothi lapha. Uyazibona yini izixwayiso? ngokusobala kuyinto okufanele ibhekwe lapho sisebenza ngekhodi noma sihlanganisa, lokhu kusobala futhi kunezinhlelo ezimbalwa namuhla ezinomsebenzi gets() Kwikhodi. Enye inzuzo ye-Gentoo ukuthi ngokuhlanganisa uhlelo ngalunye, ngiyabona ukuthi yini engase ingahambi kahle, uhlelo "oluhle" akufanele lube nazo, kepha uzomangala ukuthi zingaki izinhlelo ezinkulu ezinezixwayiso ngoba zikhulu KAKHULU futhi kunzima ukuzilandela. imisebenzi eyingozi lapho kunezexwayiso eziningi ngasikhathi sinye. Manje uma siqhubeka

Isusa iphutha kuhlelo

Okwakhe. UChristopher Diaz Riveros

Manje le ngxenye ingadida kancane, kepha njengoba sengibhale ngokwanele, anginamandla okuchaza konke, ngiyaxolisa uma ubona ukuthi ngishesha kakhulu 🙂

Ukukhubaza ikhodi

Ake siqale ngokubheka uhlelo lwethu oluhlanganisiwe lolimi lomshini.

Okwakhe. UChristopher Diaz Riveros

Le yikhodi yomsebenzi wethu oyinhloko ku- Assembly, yilokhu okucutshungulwa yiprosesa yethu, umugqa ongakwesobunxele ikheli lendawo kwimemori, i- <+ n> yaziwa ngokuthi offset, ngokuyisisekelo ibanga kusukela ekuqaleni komsebenzi (main) kuleso sitatimende (esaziwa njenge i-opcode). Ngemuva kwalokho sibona uhlobo lwemiyalo (i-Push / mov / callq…) kanye nerejista eyodwa noma ngaphezulu. Ngokufingqiwe singasho ukuthi kuyinkomba elandelwa ngumthombo / imvelaphi nendawo okuyiwa kuyo. <return_input> kubhekisa emsebenzini wethu wesibili, ake sibheke.

Buyisela_okufaka

Okwakhe. UChristopher Diaz Riveros

Lokhu kuyinkimbinkimbi ngokwengeziwe, kepha ngifuna nje ukuthi ubheke izinto ezimbalwa, kukhona ithegi ebizwa <gets@plt> kanye ne-opcode yokugcina yokugcina ebizwa ngokuthi retq ekhombisa ukuphela komsebenzi. Sizobeka izindawo ezimbalwa zokuphumula, eyodwa emsebenzini gets nomunye ku retq.

Okwakhe. UChristopher Diaz Riveros

Qalisa

Manje sizoqhuba uhlelo ukubona ukuthi isenzo siqala kanjani.

Okwakhe. UChristopher Diaz Riveros

Siyabona ukuthi umcibisholo omncane uvela okhombisa i-opcode lapho sikhona, ngifuna ukuthi bacabangele inkomba 0x000055555555469b, leli ikheli ngemuva kocingo oluya kulo return_input ekusebenzeni main , lokhu kubalulekile njengoba kulapho uhlelo kufanele lubuye khona lapho uqeda ukwamukela i- okokufaka, ake singene emsebenzini. Manje sizohlola inkumbulo ngaphambi kokufaka umsebenzi gets.

Okwakhe. UChristopher Diaz Riveros

Nginibekele umsebenzi omkhulu, futhi ngigqamise ikhodi ebengibhekise kuyo, njengoba nibona, ngenxa ye- okokugcina ihlukaniswe yaba izingxenye ezimbili, ngifuna ukuthi ubheke ukuqondiswa 0x7fffffffdbf0 (owokuqala kusuka kwesobunxele ngemuva komyalo x/20x $rsp) ngoba le yindawo okufanele siyisebenzise ukuhlola imiphumela yokuthola, asiqhubeke:

Ukwephula uhlelo

Okwakhe. UChristopher Diaz Riveros

Ngikuqhakambisile lokho 0x44444444ngoba bamele ama-Ds wethu manje sesiqale ukungeza okokufaka ohlelweni, futhi njengoba ubona, simane nje imigqa emibili kusuka kukheli lethu esilifunayo, sizoligcwalisa size size ngaphambi nje kwamakheli esiwakhombise esinyathelweni esedlule.

Ukushintsha indlela yokubuyela

Manje njengoba sesikwazile ukufaka lesi sigaba sekhodi lapho sibonisa khona ukubuya komsebenzi, ake sibone ukuthi kwenzekani uma siguqula ikheli 🙂 esikhundleni sokuya endaweni ye-opcode elandela leyo ebesinayo umzuzwana edlule, ucabangani uma sibuyela emuva return_input? Kepha ngalokhu, kuyadingeka ukubhala ikheli esilifunayo kanambambili, sizokwenza nomsebenzi printf kusuka ku-bash 🙂

Okwakhe. UChristopher Diaz Riveros

Manje sesithole imininingwane kabili 😀 impela uhlelo belungakhelwanga lokho, kepha sikwazile ukwephula ikhodi futhi sayenza yaphinda into obekungafanele yenziwe.

Ukucabanga

Lolu shintsho olulula lungabhekwa njenge- sebenzisa eyisisekelo very ukwazile ukwephula uhlelo futhi wenza okuthile esifuna akwenze.

Lesi yisinyathelo sokuqala sohlu lwezinto ongaziboni nokuzengeza, kunezindlela zokwengeza izinto eziningi kunokuphinda i-oda, kepha kulokhu ngibhale okuningi nakho konke okuphathelene ukufaka i-shellcoding kuyisihloko sokubhala ngaphezu kwezindatshana, ngingasho ukuthi izincwadi eziphelele. Uxolo uma ngingakwazanga ukucwaninga kakhudlwana ezihlokweni ebengizothanda, kodwa impela kuzoba nethuba 🙂 Ukubingelela nokubonga ngokufika lapha.


Amazwana ayi-14, shiya okwakho

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   2p2 kusho

    Qondisisa kakhudlwana. Bhala okuncane bese ugxila kokusemqoka

    1.    UChrisADR kusho

      Sawubona, ngiyabonga ngokuphawula.

      Ukukhuluma iqiniso, nginqume ingxenye enhle yemibono, kepha noma kunjalo kubonakala kimi ukuthi ngishiye ubuncane ukuze umuntu ongenalo ulwazi lohlelo athole umbono.

      Phendula ngokucaphuna

      1.    engaziwa kusho

        Inkinga ukuthi labo abangenalo ulwazi lwezinhlelo ngeke bathole lutho ngoba kuyinkimbinkimbi kakhulu ukuqala ngakho, kepha labo abakwaziyo ukwenza uhlelo bayakwazisa ukuqondisisa.

        Ngicabanga ukuthi awukwazi ukufinyelela kuwo wonke umuntu, kufanele ukhethe, kulokhu-ke wonile ngokufuna ukumboza okuningi.

        Ngale ndlela, ngikutshela njengokugxeka okwakhayo, ngiyazithanda lezi zihloko futhi ngithanda ukuthi uqhubeke ubhale izindatshana, siyakuhalalisela!

    2.    engaziwa kusho

      Ngicabanga okufanayo.

      1.    UChrisADR kusho

        Ngiyabonga kakhulu kubo bobabili !! Kunzima impela ukuqonda ukuthi ungazifinyelela kanjani izethameli ezihlosiwe lapho iqiniso ukuthi inani labantu abanezinga eliphakeme lohlelo abafunda lezi zihloko lincane (okungenani lokho kungabhekiswa ngokususelwa kumazwana)

        Ngempela ngonile ngokufuna ukwenza lula okuthile okudinga isisekelo esibanzi solwazi ukuze siqondwe. Ngiyethemba uyaqonda ukuthi njengoba ngisaqala ukubhuloga, angikalitholi iphuzu eliqondile lapho abafundi bami bazi futhi baqonde engikushoyo. Lokho kuzokwenza kube lula ukukhuluma iqiniso 🙂

        Ngizozama ukuba mfushane lapho kufanele ngaphandle kokulingisa ifomethi, ngoba ukwahlukanisa indlela yokubhala kokuqukethwe kuyinkimbinkimbi kakhulu kunalokho umuntu angakucabanga, okungenani ngibaxhumanise impela, kepha ngicabanga ukuthi ekugcineni ngizokwazi ukwengeza imigqa ku esikhundleni sokusika okuqukethwe.

        Phendula ngokucaphuna

  2.   Mario kusho

    Kukuphi lapho ungazi khona kabanzi ngale ndaba? Ingabe ikhona incwadi enconyiwe?

    1.    UChrisADR kusho

      Isibonelo sithathwe ku-The Shellcoder's Handbook nguChris Anley, John Heasman, Felix Linder noGerardo Richarte, kepha ukuze ngenze ukuhumusha okungama-64 bekufanele ngifunde ngobuciko bami, incwajana yonjiniyela yonjiniyela, amavolumu 2 no-3 Umthombo othembekile walokho. Kuhle futhi ukufunda imibhalo ye-GDB, eza nomyalo we-'info gdb ', Ukufunda i-Assembly ne-C kunezincwadi eziningi ezinhle kakhulu, ngaphandle kokuthi izincwadi ze-Assembly zindala kancane ngakho-ke kukhona igebe lokugcwaliswa ngolunye uhlobo imibhalo.

      I-shellcode uqobo ayisasebenzi kulezi zinsuku ngezizathu ezahlukahlukene, kepha kusathakazelisa ukufunda amasu amasha.

      Ngiyethemba kuyasiza kancane 🙂 Sanibonani

  3.   Franz kusho

    Buen artículo, el viejo blog desdelinux ha vuelto a renacer =)
    Uma uthi igobolondo elikude alisebenzi kangako, usho izindlela zokulwa ezenzelwe ukunciphisa ukuhlaselwa, bakubiza ngokuthi ukuphepha okuhlaselayo.
    Sanibonani niqhubeke njalo

    1.    UChrisADR kusho

      Ngiyabonga kakhulu uFranz words amagama anomusa kakhulu, empeleni bengisho ukuthi uShellcoding namuhla unzima kakhulu kunalokhu esikubona lapha. Sine-ASLR (okungahleliwe indawo yokukhumbula imemori) isivikeli sesitaki, izinyathelo ezahlukahlukene nezinyathelo zokunqanda ezinciphisa inani lama-opcode angajojelwa ohlelweni, futhi kusisiqalo nje.

      Ukulawula,

  4.   Isofthiwe yamahhala kusho

    Sawubona, ingabe uzokwenza enye ingxenye ukwandisa isihloko? Kuyathakazelisa

    1.    UChrisADR kusho

      Sawubona, isihloko sithakazelisa impela, kepha izinga lokuxakeka ebesingalithatha lizoba likhulu kakhulu, mhlawumbe lifake inani elikhulu lokuthunyelwe ukuze kuchazwe izidingo ezahlukahlukene zokuqonda okunye. Ngizobhala ngakho, kepha ngeke kube okuthunyelwe okulandelayo, ngifuna ukubhala izihloko ezimbalwa ngaphambi kokuqhubeka nalokhu.

      Ukubingelela, futhi ngiyabonga ngokwabelana

  5.   i-cactus kusho

    Kuhle kakhulu che! Unikela ngokuthunyelwe okuhle! Umbuzo owodwa, ngiqala le nto ye-IT Security ngokufunda incwadi ebizwa ngokuthi "Ukuqinisekisa ukuphepha ngokuhlola ipeni." Ingabe le ncwadi inconyiwe? Usikisela kanjani ukuthi ngiqale ukubuza ngalezi zinkinga?

    1.    UChrisADR kusho

      Sawubona cactus, kungumhlaba wonke mayelana nokuba sengcupheni, nokunye, ukukhuluma iqiniso kuncike kakhulu ekutheni yini ekuthakaselayo, kanye nezidingo onazo, umphathi we-IT akudingeki azi ngokufana nomhloli wepeni, Noma umcwaningi osengozini, noma umhlaziyi we-forensic, iqembu lokuthola izinhlekelele linamakhono ahlukile kakhulu. Ngokusobala ngayinye yazo idinga izinga elihlukile lolwazi lobuchwepheshe, ngincoma ukuthi uqale ukuthola lokho okuthandayo, bese uqala ukushwabadela izincwadi, izindatshana, nokunye, futhi okubaluleke kakhulu, yenza konke okufundayo, noma ngabe kuphelelwe yisikhathi , lokho kuzokwenza umehluko ekugcineni.
      Ukulawula,

  6.   Eizen kusho

    Sawubona!
    Ngiyabonga kakhulu ngokuchaza lesi sihloko, kanye nokuphawula lokho ukuthola eminye imininingwane sine "The Shellcoder's Handbook". Sengivele nginokufunda okulindile 😉