Is there any way to bypass SSP (StackSmashing Protection)/Propolice?

Posted 2024-07-19 06:37:00


After some research I haven't found any paper describing a method to do this (not even an unreliable one). It seems that SSP (StackSmashing Protection)/Propolice


Comments (3)

梦断已成空 2024-07-26 06:37:00


Canaries are a very good security measure for protecting against some buffer overflows. Over the years various canary implementations have been broken and then made more secure. What is important is that even despite advanced memory protection, buffer overflows are still being exploited on Vista, Windows 7 and Fedora 11...

One very important thing to mention is that canaries only protect the function's call frame (which includes the mighty EIP!). A buffer overflow can happen in another segment of memory such as the heap, and a canary would have no effect. Furthermore, an application can be hacked using a buffer overflow without ever having to overwrite EIP. Controlling EIP is a very straightforward and easy method to turn a buffer overflow into a killer exploit, and that is why it is the most common method of exploitation.

These exploitation methods, as well as others, are gone over in great detail in Exploiting Software: How to Break Code.

无边思念无边月 2024-07-26 06:37:00


I am more familiar with Microsoft's GS stack protection, but the two approaches seem similar.

The following blog post from Microsoft shows one example where an attacker can still take control even when stack cookies are in use (the first example should be applicable to non-Windows systems):

This blog post talks about some of the upcoming improvements to stack protection:

不如归去 2024-07-26 06:37:00


If an application has an array/buffer on the stack, and uses caller-controlled index values without bounds checking, then a caller will be able to access arbitrary memory locations, and stack protection won't be able to prevent or detect it.
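As an added illustration of this answer's point (example code written for this page, not taken from the answer or any project; function and constant names are made up): a function with a stack array indexed by a caller-supplied value, in its unchecked form beside a bounds-checked one. The comments explain why a stack canary does not help with the first and which two checks the second needs.

```c
#include <stdint.h>
#include <stdio.h>

#define SLOTS 8

/* Vulnerable form (constructed for illustration): the index comes from the
 * caller and is used directly.  With -fstack-protector the compiler places a
 * canary between 'table' and the saved return address, but the canary is only
 * compared at function return and only covers its own slot.  An out-of-range
 * index can write past it, into the caller's frame or elsewhere, without
 * ever changing the canary, so the check passes and nothing is detected.
 * Calling this with an index outside 0..SLOTS-1 is undefined behaviour. */
int32_t record_unchecked(long index, int32_t value) {
    int32_t table[SLOTS] = {0};
    table[index] = value;            /* no bounds check */
    int32_t sum = 0;
    for (int i = 0; i < SLOTS; i++) sum += table[i];
    return sum;
}

/* Hardened form: validate the index before it is used.  Both tests matter:
 * a signed index can be negative (writing below the array), and the upper
 * test must be '>=' rather than '>' or index SLOTS still writes one element
 * past the end.  Returns 0 on success and -1 when the index is rejected. */
int record_checked(long index, int32_t value, int32_t *sum_out) {
    int32_t table[SLOTS] = {0};
    if (index < 0 || index >= SLOTS) {
        return -1;                   /* reject: out of range */
    }
    table[index] = value;
    int32_t sum = 0;
    for (int i = 0; i < SLOTS; i++) sum += table[i];
    *sum_out = sum;
    return 0;
}

int main(void) {
    int32_t sum = 0;
    int rc = record_checked(3, 42, &sum);
    printf("index 3   : rc=%d sum=%d\n", rc, sum);
    printf("index -1  : rc=%d\n", record_checked(-1, 42, &sum));
    printf("index %d   : rc=%d\n", SLOTS, record_checked(SLOTS, 42, &sum));
    return 0;
}
```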
