I'm working on a system security project with the topic: buffer overflow attack. I do have a program and the source code I should gain root permissions with. The problem I have is caused by a random canary. At the beginning of the program the random number generator is initialized:
srand(time(NULL) ^ (getpid() << 16));
later on the canary gets set by
canary = rand();
My question: Is it possible to regenerate the canary? I would like to regenerate the salt (time(NULL) returns the time since 1970 in seconds and pid is constant as the program starts) and then get the canary by calling rand(). I'm not familiar with any scripting language and do not have a lot of Linux experience, so I hope not to waste time with a solution that would never work. Thank you in advance! :)
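An added example (not part of the original post), written from the defender's side: it shows that a canary seeded as in the question is a pure function of the start time and the PID, next to a replacement drawn from the kernel CSPRNG. The function names and the use of /dev/urandom are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

/* Seeding scheme from the question: the only inputs are the start time in
 * seconds and the PID, so the canary carries no secret entropy. */
static int weak_canary(time_t now, pid_t pid)
{
    srand((unsigned int)now ^ ((unsigned int)pid << 16));
    return rand();
}

/* Hardened alternative (assumption: a POSIX system that provides
 * /dev/urandom). Returns 0 on success and stores CSPRNG output in *out. */
static int strong_canary(unsigned long *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

int main(void)
{
    time_t now = time(NULL);
    pid_t pid = getpid();

    /* Same time and PID in, same canary out: nothing else is mixed in. */
    int a = weak_canary(now, pid);
    int b = weak_canary(now, pid);
    printf("weak canary, same inputs twice: %d %d (%s)\n",
           a, b, a == b ? "identical" : "different");

    unsigned long c;
    if (strong_canary(&c) != 0) {
        fprintf(stderr, "could not read /dev/urandom\n");
        return 1;
    }
    printf("canary from kernel CSPRNG: %#lx\n", c);
    return 0;
}
```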