I am exploiting a buffer overflow attack and need to find three pieces of information in Linux using gdb.
I was able to use gdb commands to find the first two, but what command would I use to find the address of a function that can exit the shell?
GDB basically stands for GNU Debugger; it is a software tool to debug C/C++ code. You can get information about the compiled code by running it using GDB.
Before using GDB, the code should be compiled with the option -g.
For example: gcc -g buffer_demo.c -o buffer_demo
There are a number of commands available in GDB; using GDB commands, one can use the capabilities of GDB.
Some examples of commands are:
Here, with respect to your query, the "info" command shall be used to find the address information you are looking for. The info command gives you the address of a symbol (function) present in the source file. You can get the address of a symbol by setting it as a breakpoint.
The exit command is used to terminate the shell script, so all scripts contain an exit statement at the end of the script file. The last command executed in a function or script gives information about the exit status. Successful termination throws a zero value, while unsuccessful termination throws a non-zero value with an error reporting message.
One trick could be used to find your exit statement address. Just set exit() or return or the last statement of the script/function as a breakpoint and then execute the command "info <break-point no>". It should display the address of the function/symbol which is exiting the shell.