
Commit 1974b97

author
rsundahl
committed
Overreach using stack-protector-all when compiling fullhook (the application).
1 parent bb9166e commit 1974b97

2 files changed

Lines changed: 8 additions & 4 deletions

File tree

Dockerfile

Lines changed: 1 addition & 1 deletion
@@ -28,4 +28,4 @@ RUN gcc -std=gnu99 -fstack-protector-all -fPIC -Fpie -pie src/basehook.c -Wl,-z,
2828
RUN gcc -std=gnu99 -fstack-protector-all -fPIC -Fpie -pie src/fullhook.c -Wl,-z,relro,-z,now -shared -lc -ldl lib/utilhook.a -o dll/fullhook.so
2929

3030
RUN mkdir ./app
31-
RUN gcc -std=gnu99 -fstack-protector-all -fPIC -Fpie -pie -DFULLHOOK_MAIN=1 src/fullhook.c lib/utilhook.a -Wl,-z,relro,-z,now -lc -ldl -o app/fullhook
31+
RUN gcc -std=gnu99 -fPIC -Fpie -pie -DFULLHOOK_MAIN=1 src/fullhook.c lib/utilhook.a -Wl,-z,relro,-z,now -lc -ldl -o app/fullhook
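Review bot: `-Fpie` in the changed line (and in the surrounding unchanged `RUN gcc` lines) looks like a typo for `-fpie`; GCC's position-independent-executable codegen flag is lowercase `-fpie`, while capital `-F` is the Darwin framework search-path option, so `-Fpie` does nothing here (`-fPIC` already provides position-independent code and `-pie` still links a PIE, so the build is not broken, just misleading). Dropping `-fstack-protector-all` from the `app/fullhook` build while keeping it for `dll/fullhook.so` is consistent with the commit message, since the application is the intentionally overflowable target, but a one-line comment above this `RUN` saying the binary is deliberately built without stack protection would stop a future maintainer from "re-fixing" it.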

README.md

Lines changed: 7 additions & 3 deletions
@@ -7,11 +7,15 @@ Readhook is a set of two "hook" routines that can be injected into an applicatio
77
./build.sh
88
```
99
## Testing
10-
Start listenter on host:port in another shell before running the following command:
10+
First, start a listener (in a different shell) for test.sh to phone-home to. e.g.
1111
```
12-
./test.sh <host<:port>>
12+
nc -l 5555
1313
```
14-
Test.sh will run fullhook as an application. The default host is docker.for.mac.localhost. The default port is 5555.
14+
Then, run test.sh. e.g.
15+
```
16+
./test.sh localhost:5555
17+
```
18+
Test.sh will run fullhook as an application. The default host is docker.for.mac.localhost. The default port is 5555. The purpose of test.sh and fullhook (the application) are to generate a payload against fullhook (the application) and manually call the internal, vulnerable buffer overflow with the generated payload. If a listener is started first, and reachable by fullhook (the application) running in the container, it should phone-home with a reverse shell. If the reverse shell fails to connect to the listener, or if the payload is not correct (a program error that test.sh is intended to detect for developers), the program behavior is undefined and may include: segment violation, illegal addresss, illegal instruction, infinite looping, and so on. In that sense, there is only one "defined" behavior for fullhook (the application), and that behavior is to phone-home to the listener. Failure to phone-home to the listener will result in "undefined" behavior by the program.
1519

1620
## Tutorial
1721
See https://blog.polyverse.io/an-intentional-buffer-overflow-hmm-5c357238b687
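Review bot: two small fixes in the new line 18 text: "illegal addresss" should be "illegal address", and "The purpose of test.sh and fullhook (the application) are to generate" should read "is to generate". Also, the new example `./test.sh localhost:5555` sits beside the statement that the default host is `docker.for.mac.localhost` and that fullhook runs in the container; if the `nc -l 5555` listener is started on the host, `localhost` inside the container will not reach it unless host networking is in use, so either use the default host in the example or add a sentence saying when `localhost` is appropriate.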
